[mpm-itk] [patch] Explicitly set setuid and setgid capabilities before privdrop

Steinar H. Gunderson sgunderson at bigfoot.com
Mon Nov 23 23:46:29 CET 2015

On Mon, Nov 23, 2015 at 06:36:43PM -0500, Paul Kilgo wrote:
> In seccomp.c, restrict_setuid_range() seems to unconditionally cap the
> allowable gids for setgid() to 65535 on my platform (Linux-3.13
> x86_64).

I suppose there's a typo here. For x86-64, the cap for __NR_setgid should be
max_gid, not max_gid16. (It's correct for 32-bit x86, though, where
__NR_setgid takes in 16-bit gids.)

/* Steinar */
Homepage: https://www.sesse.net/
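
The per-architecture cap selection described in the reply, as an added example that is not part of the original message and is not mpm-itk's code. The `id_rule` struct, the function names and the 100000 limit are assumptions for illustration; it models only the upper bound of the range and relies on `__NR_setgid32` being defined only on ABIs where plain `__NR_setgid` is the 16-bit call.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/syscall.h>   /* __NR_setgid and, on some ABIs, __NR_setgid32 */

/* Hypothetical model of one filter rule: allow `nr` only if arg0 <= max_id. */
struct id_rule { long nr; uint32_t max_id; };

/* Syscall number that carries a full 32-bit gid on the build architecture. */
long wide_setgid_nr(void)
{
#ifdef __NR_setgid32
    return __NR_setgid32;  /* e.g. 32-bit x86: plain setgid is the 16-bit call */
#else
    return __NR_setgid;    /* e.g. x86-64: plain setgid already takes 32 bits */
#endif
}

/* Fill `out` (room for 2 rules) with the gid caps; returns the rule count. */
size_t build_gid_rules(uint32_t max_gid, struct id_rule out[2])
{
    size_t n = 0;
    out[n++] = (struct id_rule){ wide_setgid_nr(), max_gid };
#ifdef __NR_setgid32
    /* The legacy call can only express 16-bit ids, so clamp its cap. */
    uint32_t max_gid16 = max_gid < 65535u ? max_gid : 65535u;
    out[n++] = (struct id_rule){ __NR_setgid, max_gid16 };
#endif
    return n;
}

/* Decision the filter would make for syscall `nr` called with `gid`. */
bool gid_allowed(const struct id_rule *rules, size_t n, long nr, uint32_t gid)
{
    for (size_t i = 0; i < n; i++)
        if (rules[i].nr == nr)
            return gid <= rules[i].max_id;
    return false;  /* no rule for this syscall: deny */
}

int main(void)
{
    struct id_rule rules[2];
    size_t n = build_gid_rules(100000, rules);  /* constructed sample limit */
    printf("gid 70000 via wide setgid: %s\n",
           gid_allowed(rules, n, wide_setgid_nr(), 70000) ? "allowed" : "denied");
    return 0;
}
```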