Bug 461450

Summary: kernel: security: filesystem capabilities: fix fragile setuid fixup code [rhel-4.7.z]
Product: Red Hat Enterprise Linux 4 Reporter: Eugene Teo (Security Response) <eteo>
Component: kernelAssignee: Vitaly Mayatskikh <vmayatsk>
Status: CLOSED NOTABUG QA Contact: Martin Jenner <mjenner>
Severity: medium Docs Contact:
Priority: medium    
Version: 4.7.zCC: dhoward, lwang, security-response-team, vmayatsk
Target Milestone: rc   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-10-15 00:46:25 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 461444    
Bug Blocks:    

Description Eugene Teo (Security Response) 2008-09-08 03:26:32 UTC 
+++ This bug was initially created as a clone of Bug #461444 +++

Description of problem:
This commit includes a bugfix for the fragile setuid fixup code in the case that filesystem capabilities are supported (in access()). The effect of this fix is gated on filesystem capability support because changing securebits is only supported when filesystem capabilities support is configured.)

--- Additional comment from eteo on 2008-09-07 22:56:40 EDT ---

Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=086f7316f0d400806d76323beefae996bb3849b1

--- Additional comment from eteo on 2008-09-07 22:57:33 EDT ---

Created an attachment (id=315983)
Upstream patch for this issue
Comment 1 Eugene Teo (Security Response) 2008-10-15 00:46:25 UTC 
closing bug. See 461444 comment #4