From: Andrew G. Morgan <morgan@kernel.org>
Date: Tue, 22 Jan 2008 01:18:30 +0000 (-0800)
Subject: Fix filesystem capability support
X-Git-Tag: v2.6.24~28
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a6dbb1ef2fc8d73578eacd02ac701f4233175c9f;p=pandora-kernel.git

Fix filesystem capability support

In linux-2.6.24-rc1, security/commoncap.c:cap_inh_is_capped() was
introduced. It has the exact reverse of its intended behavior. This
led to an unintended privilege esculation involving a process'
inheritable capability set.

To be exposed to this bug, you need to have Filesystem Capabilities
enabled and in use. That is:

- CONFIG_SECURITY_FILE_CAPABILITIES must be defined for the buggy code
  to be compiled in.

- You also need to have files on your system marked with fI bits raised.

Signed-off-by: Andrew G. Morgan <morgan@kernel.org>

Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@akpm@linux-foundation.org>
---

Reading git-diff-tree failed