    capabilities: remain source compatible with 32-bit raw legacy capability support. · ca05a99a
    Andrew G. Morgan authored
    Source code out there hard-codes a notion of what the
    _LINUX_CAPABILITY_VERSION #define means in terms of the semantics of the
    raw capability system calls capget() and capset().  It's unfortunate, but
    true.
    
    Since the confusing header file has been in a released kernel, there is
    software that is erroneously using 64-bit capabilities with the semantics
    of 32-bit compatibilities.  These recently compiled programs may suffer
    corruption of their memory when sys_getcap() overwrites more memory than
    they are coded to expect, and the raising of added capabilities when using
    sys_capset().
    
    As such, this patch does a number of things to clean up the situation
    for all. It
    
      1. forces the _LINUX_CAPABILITY_VERSION define to always retain its
         legacy value.
    
      2. adopts a new #define strategy for the kernel's internal
         implementation of the preferred magic.
    
      3. deprecates v2 capability magic in favor of a new (v3) magic
         number. The functionality of v3 is entirely equivalent to v2,
         the only difference being that the v2 magic causes the kernel
         to log a "deprecated" warning so the admin can find applications
         that may be using v2 inappropriately.
    
    [User space code continues to be encouraged to use the libcap API which
    protects the application from details like this.  libcap-2.10 is the first
    to support v3 capabilities.]
    
    Fixes issue reported in https://bugzilla.redhat.com/show_bug.cgi?id=447518.
    Thanks to Bojan Smojver for the report.
    
    [akpm@linux-foundation.org: s/depreciate/deprecate/g]
    [akpm@linux-foundation.org: be robust about put_user size]
    [akpm@linux-foundation.org: coding-style fixes]
    Signed-off-by: Andrew G. Morgan <morgan@kernel.org>
    Cc: Serge E. Hallyn <serue@us.ibm.com>
    Cc: Bojan Smojver <bojan@rexursive.com>
    Cc: stable@kernel.org
    Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
    Signed-off-by: Chris Wright <chrisw@sous-sol.org>
capability.c 9.44 KB
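
An added example, not code from this commit or from libcap: a raw capget() caller that sizes its data buffer for the magic it passes instead of trusting _LINUX_CAPABILITY_VERSION, which avoids the overwrite the commit message describes. The helper names cap_u32s_for, kernel_preferred_magic and read_effective are assumptions made for illustration.

```c
#include <linux/capability.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* How many __user_cap_data_struct elements the kernel copies for a magic.
 * A v1 caller has room for 1; v2/v3 make capget() write 2. */
static int cap_u32s_for(unsigned int magic)
{
    switch (magic) {
    case _LINUX_CAPABILITY_VERSION_1: return _LINUX_CAPABILITY_U32S_1;
    case _LINUX_CAPABILITY_VERSION_2: /* deprecated, kernel logs a warning */
    case _LINUX_CAPABILITY_VERSION_3: return _LINUX_CAPABILITY_U32S_3;
    default: return -1;
    }
}

/* Probe: an unknown magic with a NULL data pointer makes capget() write
 * the kernel's preferred magic back into the header. */
static unsigned int kernel_preferred_magic(void)
{
    struct __user_cap_header_struct hdr = { .version = 0, .pid = 0 };
    syscall(SYS_capget, &hdr, NULL);
    return hdr.version;
}

/* Read our effective set; the buffer is sized for the largest layout (2),
 * so no magic can make the kernel write past it. Returns count or -1. */
static int read_effective(unsigned int magic, unsigned int out[2])
{
    struct __user_cap_header_struct hdr = { .version = magic, .pid = 0 };
    struct __user_cap_data_struct data[_LINUX_CAPABILITY_U32S_3] = { { 0 } };
    int n = cap_u32s_for(magic);
    if (n < 0 || syscall(SYS_capget, &hdr, data) != 0)
        return -1;
    for (int i = 0; i < n; i++)
        out[i] = data[i].effective;
    return n;
}

int main(void)
{
    unsigned int eff[2] = { 0, 0 };
    unsigned int magic = kernel_preferred_magic();
    int n = read_effective(magic, eff);
    printf("magic=0x%x words=%d eff=%08x%08x\n", magic, n, eff[1], eff[0]);
    return n > 0 ? 0 : 1;
}
```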