Login
[x]
Log in using an account from:
Fedora Account System
Red Hat Associate
Red Hat Customer
Or login using a Red Hat Bugzilla account
Forgot Password
Login:
Hide Forgot
Create an Account
Red Hat Bugzilla – Attachment 306503 Details for
Bug 447518
Call to capget() overflows buffers
[?]
New
Simple Search
Advanced Search
My Links
Browse
Requests
Reports
Current State
Search
Tabular reports
Graphical reports
Duplicates
Other Reports
User Changes
Plotly Reports
Bug Status
Bug Severity
Non-Defaults
|
Product Dashboard
Help
Page Help!
Bug Writing Guidelines
What's new
Browser Support Policy
5.0.4.rh83 Release notes
FAQ
Guides index
User guide
Web Services
Contact
Legal
This site requires JavaScript to be enabled to function correctly, please enable it.
[patch]
Proposed kernel (include/linux/capability.h) 'fix' for this issue
remain-source-compatible-with-32-bit-raw-legacy-capa.patch (text/plain), 5.68 KB, created by
Andrew G. Morgan
on 2008-05-23 14:28:17 UTC
(
hide
)
Description:
Proposed kernel (include/linux/capability.h) 'fix' for this issue
Filename:
MIME Type:
Creator:
Andrew G. Morgan
Created:
2008-05-23 14:28:17 UTC
Size:
5.68 KB
patch
obsolete
>From ef100b0606f0e35f78be526b0840533ef188dbbe Mon Sep 17 00:00:00 2001 >From: Andrew G. Morgan <morgan@kernel.org> >Date: Thu, 22 May 2008 22:57:54 -0700 >Subject: [PATCH] Remain source compatible with 32-bit raw legacy capability support. > >Source code out there hard-codes a notion of what the >_LINUX_CAPABILITY_VERSION #define means in terms of the semantics of >the raw capability system calls capget() and capset(). Its unfortunate, >but true. > >As such, force this define to always retain its legacy value, and adopt >a new #define strategy for the kernel's internal implementation of the >preferred magic. > >[User space code continues to be encouraged to use the libcap API which >protects the application from details like this.] > >Signed-off-by: Andrew G. Morgan <morgan@kernel.org> >Cc: Andrew Morton <akpm@linux-foundation.org> >Cc: Chris Wright <chrisw@sous-sol.org> >Cc: Serge E. Hallyn <serue@us.ibm.com> >--- > fs/proc/array.c | 2 +- > include/linux/capability.h | 26 ++++++++++++++++++-------- > kernel/capability.c | 12 ++++++------ > 3 files changed, 25 insertions(+), 15 deletions(-) > >diff --git a/fs/proc/array.c b/fs/proc/array.c >index 9e3b8c3..797d775 100644 >--- a/fs/proc/array.c >+++ b/fs/proc/array.c >@@ -288,7 +288,7 @@ static void render_cap_t(struct seq_file *m, const char *header, > seq_printf(m, "%s", header); > CAP_FOR_EACH_U32(__capi) { > seq_printf(m, "%08x", >- a->cap[(_LINUX_CAPABILITY_U32S-1) - __capi]); >+ a->cap[(_KERNEL_CAPABILITY_U32S-1) - __capi]); > } > seq_printf(m, "\n"); > } >diff --git a/include/linux/capability.h b/include/linux/capability.h >index f4ea0dd..f88b4db 100644 >--- a/include/linux/capability.h >+++ b/include/linux/capability.h >@@ -34,9 +34,6 @@ struct task_struct; > #define _LINUX_CAPABILITY_VERSION_2 0x20071026 > #define _LINUX_CAPABILITY_U32S_2 2 > >-#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_2 >-#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_2 >- > typedef struct __user_cap_header_struct { > __u32 version; > int pid; >@@ -77,10 +74,23 @@ struct vfs_cap_data { > } data[VFS_CAP_U32]; > }; > >-#ifdef __KERNEL__ >+#ifndef __KERNEL__ >+ >+/* >+ * Backwardly compatible definition for source code - trapped in a >+ * 32-bit world. If you find you need this, please consider using >+ * libcap to untrap yourself... >+ */ >+#define _LINUX_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_1 >+#define _LINUX_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_1 >+ >+#else >+ >+#define _KERNEL_CAPABILITY_VERSION _LINUX_CAPABILITY_VERSION_2 >+#define _KERNEL_CAPABILITY_U32S _LINUX_CAPABILITY_U32S_2 > > typedef struct kernel_cap_struct { >- __u32 cap[_LINUX_CAPABILITY_U32S]; >+ __u32 cap[_KERNEL_CAPABILITY_U32S]; > } kernel_cap_t; > > #define _USER_CAP_HEADER_SIZE (sizeof(struct __user_cap_header_struct)) >@@ -351,7 +361,7 @@ typedef struct kernel_cap_struct { > */ > > #define CAP_FOR_EACH_U32(__capi) \ >- for (__capi = 0; __capi < _LINUX_CAPABILITY_U32S; ++__capi) >+ for (__capi = 0; __capi < _KERNEL_CAPABILITY_U32S; ++__capi) > > # define CAP_FS_MASK_B0 (CAP_TO_MASK(CAP_CHOWN) \ > | CAP_TO_MASK(CAP_DAC_OVERRIDE) \ >@@ -361,7 +371,7 @@ typedef struct kernel_cap_struct { > > # define CAP_FS_MASK_B1 (CAP_TO_MASK(CAP_MAC_OVERRIDE)) > >-#if _LINUX_CAPABILITY_U32S != 2 >+#if _KERNEL_CAPABILITY_U32S != 2 > # error Fix up hand-coded capability macro initializers > #else /* HAND-CODED capability initializers */ > >@@ -372,7 +382,7 @@ typedef struct kernel_cap_struct { > # define CAP_NFSD_SET ((kernel_cap_t){{ CAP_FS_MASK_B0|CAP_TO_MASK(CAP_SYS_RESOURCE), \ > CAP_FS_MASK_B1 } }) > >-#endif /* _LINUX_CAPABILITY_U32S != 2 */ >+#endif /* _KERNEL_CAPABILITY_U32S != 2 */ > > #define CAP_INIT_INH_SET CAP_EMPTY_SET > >diff --git a/kernel/capability.c b/kernel/capability.c >index 39e8193..8e5cc51 100644 >--- a/kernel/capability.c >+++ b/kernel/capability.c >@@ -88,7 +88,7 @@ asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr) > tocopy = _LINUX_CAPABILITY_U32S_2; > break; > default: >- if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) >+ if (put_user(_KERNEL_CAPABILITY_VERSION, &header->version)) > return -EFAULT; > return -EINVAL; > } >@@ -118,7 +118,7 @@ out: > spin_unlock(&task_capability_lock); > > if (!ret) { >- struct __user_cap_data_struct kdata[_LINUX_CAPABILITY_U32S]; >+ struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; > unsigned i; > > for (i = 0; i < tocopy; i++) { >@@ -128,7 +128,7 @@ out: > } > > /* >- * Note, in the case, tocopy < _LINUX_CAPABILITY_U32S, >+ * Note, in the case, tocopy < _KERNEL_CAPABILITY_U32S, > * we silently drop the upper capabilities here. This > * has the effect of making older libcap > * implementations implicitly drop upper capability >@@ -240,7 +240,7 @@ static inline int cap_set_all(kernel_cap_t *effective, > */ > asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) > { >- struct __user_cap_data_struct kdata[_LINUX_CAPABILITY_U32S]; >+ struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S]; > unsigned i, tocopy; > kernel_cap_t inheritable, permitted, effective; > __u32 version; >@@ -260,7 +260,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) > tocopy = _LINUX_CAPABILITY_U32S_2; > break; > default: >- if (put_user(_LINUX_CAPABILITY_VERSION, &header->version)) >+ if (put_user(_KERNEL_CAPABILITY_VERSION, &header->version)) > return -EFAULT; > return -EINVAL; > } >@@ -281,7 +281,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data) > permitted.cap[i] = kdata[i].permitted; > inheritable.cap[i] = kdata[i].inheritable; > } >- while (i < _LINUX_CAPABILITY_U32S) { >+ while (i < _KERNEL_CAPABILITY_U32S) { > effective.cap[i] = 0; > permitted.cap[i] = 0; > inheritable.cap[i] = 0; >-- >1.5.3.7 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=306503">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 447518
:
306100
|
306104
|
306360
|
306503
|
306879