fcaps: clear the same personality flags as suid when fcaps are used
authorEric Paris <eparis@redhat.com>
Tue, 17 Apr 2012 20:26:54 +0000 (16:26 -0400)
committerVarun Wadekar <vwadekar@nvidia.com>
Wed, 25 Apr 2012 06:16:01 +0000 (11:16 +0530)
commitd9d6d6276efdb090d8114e9d1e6a65736e0a7154
treeec91b2f098d32bb7a2e1ded4ca5969c5a689c996
parent6889936493501f1d9abddff353cfd5fb266538c8
fcaps: clear the same personality flags as suid when fcaps are used

If a process increases permissions using fcaps all of the dangerous
personality flags which are cleared for suid apps should also be cleared.
Thus programs given priviledge with fcaps will continue to have address space
randomization enabled even if the parent tried to disable it to make it
easier to attack.

Signed-off-by: Eric Paris <eparis@redhat.com>
Reviewed-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
security/commoncap.c