linux-security-module November 2007 archive

Re: [PATCH] 64bit capability support (legacy support fix)

From: Serge E. Hallyn <serue_at_nospam>
Date: Wed Nov 21 2007 - 17:10:51 GMT
To: Andrew Morton <akpm@linux-foundation.org>


Quoting Andrew Morton (akpm@linux-foundation.org):
> On Sat, 17 Nov 2007 21:25:27 -0800 Andrew Morgan <morgan@kernel.org> wrote:
>
> > The attached patch (171282b3553fcec43b9ab615eb7daf6c2b494a87) applies
> > against 2.6.24-rc2-mm1. It addresses the problem reported by Kevin and
> > Andy - ultimately, the legacy support wasn't transparent. In particular,
> > userspace 32-bit capability manipulations (when run by root) that used
> > to work, without this patch, fail.
>
> My venerable FC1 machine says
>
> warning: process `zsh' gets w/ old libcap
> warning: process `zsh' gets w/ old libcap
> warning: process `zsh' gets w/ old libcap
>
> should I be scared?

It should be safe as of Andrew's latest patch. (Before that patch it was only unsafe because root's capabilities are just set to {~0,~0} so they include invalid capabilities.)

Agreed, a better error message would be good. Would it be inappropriate to include the URL for new libcap versions?

thanks,
-serge