exec: Don't reset euid and egid when the tracee has CAP_SETUID

Don't reset euid and egid when the tracee has CAP_SETUID in it's user namespace. I punted on relaxing this permission check long ago but now that I have read this code closely it is clear it is safe to test against CAP_SETUID in the user namespace. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

exec: Don't reset euid and egid when the tracee has CAP_SETUID
Don't reset euid and egid when the tracee has CAP_SETUID in it's user namespace. I punted on relaxing this permission check long ago but now that I have read this code closely it is clear it is safe to test against CAP_SETUID in the user namespace. Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
70169420 · Eric W. Biederman · 1cce1eea · 70169420
Commit 70169420 authored Nov 17, 2016 by Eric W. Biederman
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

security/commoncap.c security/commoncap.c +1 -1

No files found.
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -550,7 +550,7 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
 	     !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
 	    bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
 		/* downgrade; they get no more than they had, and maybe less */
-		if (!capable(CAP_SETUID) ||
+		if (!ns_capable(new->user_ns, CAP_SETUID) ||
 		    (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {
 			new->euid = new->uid;
 			new->egid = new->gid;