Reported by Steve Grubb, if a process increases permissions using fcaps all of the dangerous personality flags which are cleared for suid apps should also be cleared. Thus for example programs given privilege with fcaps will continue to have address space randomization enabled even if the parent tried to disable it to make it easier to attack.
Upstream commit: http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445
Statement: This issue did not affect the Linux kernel as shipped with Red Hat Enterprise Linux 4, and 5. This has been addressed in Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2012-0670.html. This has been addressed in Red Hat Enterprise Linux 6 via https://rhn.redhat.com/errata/RHSA-2012-0743.html.
Also from Steve, AFAIK, there are no packages we ship on RHEL6 that use file system based capabilities because rpm lacked the support at the time. But rpm might get upgraded and some package from Fedora becomes a RHEL6 rebase and then we have the problem. Or maybe the software stacks pulls one in. But we still want to fix it. Fedora 15 is where we started shipping packages that take advantage of the file system based capabilities. And since RHEL7-alpha is an import of F16/17, it certainly has the issue.
Created kernel tracking bugs for this issue Affects: fedora-all [bug 814523]
Added CVE as per http://www.openwall.com/lists/oss-security/2012/04/20/6
(In reply to comment #14) > Upstream commit: > http://git.kernel.org/linus/d52fc5dde171f030170a6cb78034d166b13c9445 You probably also want: http://git.kernel.org/linus/51b79bee627d526199b2f6a6bef8ee0c0739b6d1 to fix a non-x86 build error.
kernel-3.3.2-8.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.3.2-6.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report.
kernel-2.6.43.2-6.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: MRG for RHEL-6 v.2 Via RHSA-2012:0670 https://rhn.redhat.com/errata/RHSA-2012-0670.html
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0743 https://rhn.redhat.com/errata/RHSA-2012-0743.html