exec: Don't reset euid and egid when the tracee has CAP_SETUID
authorEric W. Biederman <ebiederm@xmission.com>
Thu, 17 Nov 2016 07:38:35 +0000 (01:38 -0600)
committerEric W. Biederman <ebiederm@xmission.com>
Mon, 23 Jan 2017 23:03:07 +0000 (12:03 +1300)
Don't reset euid and egid when the tracee has CAP_SETUID in
it's user namespace.  I punted on relaxing this permission check
long ago but now that I have read this code closely it is clear
it is safe to test against CAP_SETUID in the user namespace.

Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
security/commoncap.c

index 8df676f..feb6044 100644 (file)
@@ -550,7 +550,7 @@ skip:
             !cap_issubset(new->cap_permitted, old->cap_permitted)) &&
            bprm->unsafe & ~LSM_UNSAFE_PTRACE_CAP) {
                /* downgrade; they get no more than they had, and maybe less */
-               if (!capable(CAP_SETUID) ||
+               if (!ns_capable(new->user_ns, CAP_SETUID) ||
                    (bprm->unsafe & LSM_UNSAFE_NO_NEW_PRIVS)) {
                        new->euid = new->uid;
                        new->egid = new->gid;