diff options
| author | codeworkx <codeworkx@cyanogenmod.com> | 2012-09-18 18:51:21 +0200 |
|---|---|---|
| committer | codeworkx <codeworkx@cyanogenmod.com> | 2012-09-18 19:02:23 +0200 |
| commit | f991bd2a427ec6a5e049e19745aba6a5d7f006c4 (patch) | |
| tree | c6f0d428403c32c95335c34b3f0105c2e4c8087d /security/commoncap.c | |
| parent | c28265764ec6ad9995eb0c761a376ffc9f141fcd (diff) | |
| parent | bea37381fd9a34c6660e5195d31beea86aa3dda3 (diff) | |
| download | kernel_samsung_smdk4412-f991bd2a427ec6a5e049e19745aba6a5d7f006c4.zip kernel_samsung_smdk4412-f991bd2a427ec6a5e049e19745aba6a5d7f006c4.tar.gz kernel_samsung_smdk4412-f991bd2a427ec6a5e049e19745aba6a5d7f006c4.tar.bz2 | |
Merge linux-3.0.31 from korg into jellybean
Conflicts:
arch/arm/mm/proc-v7.S
drivers/base/core.c
drivers/gpu/drm/i915/i915_gem_execbuffer.c
drivers/gpu/drm/i915/intel_display.c
drivers/gpu/drm/i915/intel_lvds.c
drivers/gpu/drm/radeon/evergreen.c
drivers/gpu/drm/radeon/r100.c
drivers/gpu/drm/radeon/radeon_connectors.c
drivers/gpu/drm/radeon/rs600.c
drivers/usb/core/hub.c
drivers/usb/host/xhci-pci.c
drivers/usb/host/xhci.c
drivers/usb/serial/qcserial.c
fs/proc/base.c
Change-Id: Ia98b35db3f8c0bfd95817867d3acb85be8e5e772
Diffstat (limited to 'security/commoncap.c')
| -rw-r--r-- | security/commoncap.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/commoncap.c b/security/commoncap.c index da21e7c..8bfbd13 100644 --- a/security/commoncap.c +++ b/security/commoncap.c @@ -28,6 +28,7 @@ #include <linux/prctl.h> #include <linux/securebits.h> #include <linux/user_namespace.h> +#include <linux/personality.h> #ifdef CONFIG_ANDROID_PARANOID_NETWORK #include <linux/android_aid.h> @@ -521,6 +522,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm) } skip: + /* if we have fs caps, clear dangerous personality flags */ + if (!cap_issubset(new->cap_permitted, old->cap_permitted)) + bprm->per_clear |= PER_CLEAR_ON_SETID; + + /* Don't let someone trace a set[ug]id/setpcap binary with the revised * credentials unless they have the appropriate permit */ |