git://ftp.safe.ca
/
safe
/
jmp
/
linux-2.6
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
parisc: convert /proc/pdc/{lcd,led} to seq_file
[safe/jmp/linux-2.6]
/
kernel
/
capability.c
diff --git
a/kernel/capability.c
b/kernel/capability.c
index
c598d9d
..
7f876e6
100644
(file)
--- a/
kernel/capability.c
+++ b/
kernel/capability.c
@@
-29,7
+29,6
@@
EXPORT_SYMBOL(__cap_empty_set);
EXPORT_SYMBOL(__cap_full_set);
EXPORT_SYMBOL(__cap_init_eff_set);
EXPORT_SYMBOL(__cap_full_set);
EXPORT_SYMBOL(__cap_init_eff_set);
-#ifdef CONFIG_SECURITY_FILE_CAPABILITIES
int file_caps_enabled = 1;
static int __init file_caps_disable(char *str)
int file_caps_enabled = 1;
static int __init file_caps_disable(char *str)
@@
-38,7
+37,6
@@
static int __init file_caps_disable(char *str)
return 1;
}
__setup("no_file_caps", file_caps_disable);
return 1;
}
__setup("no_file_caps", file_caps_disable);
-#endif
/*
* More recent versions of libcap are available from:
/*
* More recent versions of libcap are available from:
@@
-161,7
+159,7
@@
static inline int cap_get_target_pid(pid_t pid, kernel_cap_t *pEp,
*
* Returns 0 on success and < 0 on error.
*/
*
* Returns 0 on success and < 0 on error.
*/
-
asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t
dataptr)
+
SYSCALL_DEFINE2(capget, cap_user_header_t, header, cap_user_data_t,
dataptr)
{
int ret = 0;
pid_t pid;
{
int ret = 0;
pid_t pid;
@@
-169,8
+167,8
@@
asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
kernel_cap_t pE, pI, pP;
ret = cap_validate_magic(header, &tocopy);
kernel_cap_t pE, pI, pP;
ret = cap_validate_magic(header, &tocopy);
- if (
ret != 0
)
- return ret;
+ if (
(dataptr == NULL) || (ret != 0)
)
+ return
((dataptr == NULL) && (ret == -EINVAL)) ? 0 :
ret;
if (get_user(pid, &header->pid))
return -EFAULT;
if (get_user(pid, &header->pid))
return -EFAULT;
@@
-235,10
+233,10
@@
asmlinkage long sys_capget(cap_user_header_t header, cap_user_data_t dataptr)
*
* Returns 0 on success and < 0 on error.
*/
*
* Returns 0 on success and < 0 on error.
*/
-
asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t
data)
+
SYSCALL_DEFINE2(capset, cap_user_header_t, header, const cap_user_data_t,
data)
{
struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
{
struct __user_cap_data_struct kdata[_KERNEL_CAPABILITY_U32S];
- unsigned i, tocopy;
+ unsigned i, tocopy
, copybytes
;
kernel_cap_t inheritable, permitted, effective;
struct cred *new;
int ret;
kernel_cap_t inheritable, permitted, effective;
struct cred *new;
int ret;
@@
-255,8
+253,11
@@
asmlinkage long sys_capset(cap_user_header_t header, const cap_user_data_t data)
if (pid != 0 && pid != task_pid_vnr(current))
return -EPERM;
if (pid != 0 && pid != task_pid_vnr(current))
return -EPERM;
- if (copy_from_user(&kdata, data,
- tocopy * sizeof(struct __user_cap_data_struct)))
+ copybytes = tocopy * sizeof(struct __user_cap_data_struct);
+ if (copybytes > sizeof(kdata))
+ return -EFAULT;
+
+ if (copy_from_user(&kdata, data, copybytes))
return -EFAULT;
for (i = 0; i < tocopy; i++) {
return -EFAULT;
for (i = 0; i < tocopy; i++) {
@@
-306,7
+307,7
@@
int capable(int cap)
BUG();
}
BUG();
}
- if (
has_capability(current, cap)
) {
+ if (
security_capable(cap) == 0
) {
current->flags |= PF_SUPERPRIV;
return 1;
}
current->flags |= PF_SUPERPRIV;
return 1;
}