Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 8642d774 authored by Micah Morton's avatar Micah Morton Committed by Sahil Sonar
Browse files

BACKPORT: LSM: add SafeSetID module that gates setid calls 



This change ensures that the set*uid family of syscalls in kernel/sys.c
(setreuid, setuid, setresuid, setfsuid) all call ns_capable_common with
the CAP_OPT_INSETID flag, so capability checks in the security_capable
hook can know whether they are being called from within a set*uid
syscall. This change is a no-op by itself, but is needed for the
proposed SafeSetID LSM.

Change-Id: Ie661692d340f57b74c5cd6623159c028795d481f
Signed-off-by: default avatarMicah Morton <mortonm@chromium.org>
Acked-by: default avatarKees Cook <keescook@chromium.org>
Signed-off-by: default avatarJames Morris <james.morris@microsoft.com>
parent efaa1b9e
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment