Bug 461444
| Field | Value |
|---|---|
| Summary: | kernel: security: filesystem capabilities: fix fragile setuid fixup code [mrg-1] |
| Product: | Red Hat Enterprise MRG |
| Component: | realtime-kernel |
| Version: | 1.1 |
| Reporter: | Eugene Teo (Security Response) <eteo> |
| Assignee: | Luis Claudio R. Goncalves <lgoncalv> |
| CC: | bhu, jpirko, lgoncalv, security-response-team, williams |
| Status: | CLOSED NOTABUG |
| Severity: | medium |
| Priority: | medium |
| Hardware: | All |
| OS: | Linux |
| Doc Type: | Bug Fix |
| Last Closed: | 2008-10-15 12:07:23 UTC |
| Bug Blocks: | 461446, 461449, 461450 |

Description
Eugene Teo (Security Response)
2008-09-08 02:53:52 UTC
Proposed upstream patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=086f7316f0d400806d76323beefae996bb3849b1

Created attachment 315983
Upstream patch for this issue

I had two failures applying the patch:
* include/linux/capability.h

the file we have in MRG is at least 200 lines shorter, giving the line numbering for the patch bits.

include/linux/securebits.h

though this file is small, the one in MRG has fewer defs.

Eugene, my question is: should I backport both files from upstream? I am not sure how much work it would mean as it may mean backporting support functions and so on.

I asked Andrew G. Morgan (author of upstream patch) how to test this issue. He told me that there is a good chance that we do not need this patch:

"The relevant change is resurrecting the securebits as a per-process property. I'd be really surprised if you back ported this, and if you haven't this patch can be safely ignored."

securebits as a per-process property was introduced by the following patch:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=3898b1b4ebff8dcfbcf1807e0661585e06c9a91c

We DO NOT have this in our kernels so there is no need to fix this issue because there is not any. Feel free to close this bug.

(In reply to comment #3)
> I had two failures applying the patch:
> * include/linux/capability.h
>
> the file we have in MRG is at least 200 lines shorter, giving the line
> numbering for the patch bits.
>
> include/linux/securebits.h
>
> though this file is small, the one in MRG has fewer defs.
>
> Eugene, my question is: should I backport both files from upstream? I am not
> sure how much work it would mean as it may mean backporting support functions
> and so on.

As discussed with Andrew, there is no need to fix this issue. Please close this bug. Thanks!

Closed as NOTABUG. Thanks Eugene and Jiri (and Andrew) :)