[PATCH] capset returns -EPERM when pid==current->pid

In the current kernel/capability.c:sys_capset() code, permission is
denied if CAP_SETPCAP is not held and pid is positive.  pid=0 means use
the current process, and this is allowed.  But using the current
process' pid is not allowed.  The man page for capsetp simply says that
CAP_SETPCAP is required to use this function, and does not mention the
exception for pid=0. 

The current behavior seems inconsistent.  The attached patch also
allows a process to call capset() on itself.
Signed-off-by: Chris Wright <chrisw@osdl.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

kernel/capability.c

@@ -173,7 +173,7 @@ asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
      if (get_user(pid, &header->pid))
 	     return -EFAULT; 
 
-     if (pid && !capable(CAP_SETPCAP))
+     if (pid && pid != current->pid && !capable(CAP_SETPCAP))
              return -EPERM;
 
      if (copy_from_user(&effective, &data->effective, sizeof(effective)) ||