exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337)
authorOleg Nesterov <oleg@redhat.com>
Mon, 6 Apr 2009 14:16:02 +0000 (16:16 +0200)
committerGreg Kroah-Hartman <gregkh@suse.de>
Sat, 2 May 2009 17:24:55 +0000 (10:24 -0700)
CVE-2009-1337

commit 432870dab85a2f69dc417022646cb9a70acf7f94 upstream.

The CAP_KILL check in exit_notify() looks just wrong, kill it.

Whatever logic we have to reset ->exit_signal, the malicious user
can bypass it if it execs the setuid application before exiting.

Signed-off-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Serge Hallyn <serue@us.ibm.com>
Acked-by: Roland McGrath <roland@redhat.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

No differences found