Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Apr 2009 12:51:05 +0800
From: Eugene Teo <eugene@...hat.com>
To: oss-security@...ts.openwall.com
CC: "Steven M. Christey" <coley@...us.mitre.org>
Subject: CVE request: kernel: missing capabilities in fs_mask

"When POSIX capabilities were introduced during the 2.1 Linux cycle, the
fs mask, which represents the capabilities which having fsuid==0 is
supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE.
However, before capabilities the privilege to call these did in fact
depend upon fsuid==0.

This patch introduces those capabilities into the fsmask, restoring the
old behavior.

See the thread starting at http://lkml.org/lkml/2009/3/11/157 for reference.

Note that if this fix is deemed valid, then earlier kernel versions (2.4
and 2.2) ought to be fixed too.

Changelog:
 [Mar 23] Actually delete old CAP_FS_SET definition...
 [Mar 20] Updated against J. Bruce Fields's patch"

References:
https://bugzilla.redhat.com/show_bug.cgi?id=497047
http://lwn.net/Articles/328572/?format=printable
http://lwn.net/Articles/328594/?format=printable
http://git.kernel.org/linus/0ad30b8fd5fe798aae80df6344b415d8309342cc

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.