PERFORCE change 148281 for review
Robert Watson
rwatson at FreeBSD.org
Sun Aug 24 20:50:30 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=148281
Change 148281 by rwatson at rwatson_freebsd_capabilities on 2008/08/24 20:50:22
Don't allow setuid/setgid/MAC transition in capability mode for
reasons of conservatism; comment on this.
Affected files ...
.. //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_exec.c#12 edit
Differences ...
==== //depot/projects/trustedbsd/capabilities/src/sys/kern/kern_exec.c#12 (text+ko) ====
@@ -631,6 +631,13 @@
* Don't honor setuid/setgid if the filesystem prohibits it or if
* the process is being traced.
*
+ * We disable setuid/setgid/etc in capability mode on the basis that
+ * most setugid applications are not written with that environment in
+ * mind, and will therefore almost certainly operate incorrectly. In
+ * principle there's no reason that setugid applications might not be
+ * useful in capability mode, so we may want to reconsider this
+ * conservative design choice in the future.
+ *
* XXXMAC: For the time being, use NOSUID to also prohibit
* transitions on the file system.
*/
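Review bot: the new comment block explains setuid/setgid but does not mention MAC transitions, which the change description says are also disabled in capability mode and which the XXXMAC note immediately below folds into the same NOSUID path; add a sentence such as "The same applies to MAC-driven credential transitions, which share this check" so the rationale covers both, and name the flag being tested (CRED_FLAG_CAPMODE) so readers can find the enforcement point from the comment.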
@@ -647,6 +654,7 @@
#endif
if (credential_changing &&
+ (oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0 &&
(imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
(p->p_flag & P_TRACED) == 0) {
/*
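Review bot: the added `(oldcred->cr_flags & CRED_FLAG_CAPMODE) == 0` clause makes a capability-mode exec of a setugid image silently continue with the caller's credentials instead of failing, and the hunk does not show the non-matching branch; confirm that branch leaves oldcred untouched (no partial cr_uid/cr_gid update after credential_changing was computed), and consider stating in the comment above that the image runs unprivileged in this case, since the quiet fallthrough is the behaviour a caller is most likely to misread.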