user/sven/linux.git/kernel/uid16.c, branch v3.12.33 Linux Kernel https://git.stealer.net/cgit.cgi/user/sven/linux.git/atom?h=v3.12.33 2013-08-31T06:44:11Z userns: Kill nsown_capable it makes the wrong thing easy 2013-08-31T06:44:11Z Eric W. Biederman ebiederm@xmission.com 2013-03-20T19:49:49Z urn:sha1:c7b96acf1456ef127fef461fcfedb54b81fecfbb nsown_capable is a special case of ns_capable essentially for just CAP_SETUID and CAP_SETGID. For the existing users it doesn't noticably simplify things and from the suggested patches I have seen it encourages people to do the wrong thing. So remove nsown_capable. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> make SYSCALL_DEFINE<n>-generated wrappers do asmlinkage_protect 2013-03-04T03:58:33Z Al Viro viro@zeniv.linux.org.uk 2013-01-21T20:25:54Z urn:sha1:2cf0966683430b6468f36ca20515a33ca7f2403c ... and switch i386 to HAVE_SYSCALL_WRAPPERS, killing open-coded uses of asmlinkage_protect() in a bunch of syscalls. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk> userns: Convert setting and getting uid and gid system calls to use kuid and kgid 2012-05-03T10:28:41Z Eric W. Biederman ebiederm@xmission.com 2012-02-08T02:51:01Z urn:sha1:a29c33f4e506e1dae7e0985b6328046535becbf8 Convert setregid, setgid, setreuid, setuid, setresuid, getresuid, setresgid, getresgid, setfsuid, setfsgid, getuid, geteuid, getgid, getegid, waitpid, waitid, wait4. Convert userspace uids and gids into kuids and kgids before being placed on struct cred. Convert struct cred kuids and kgids into userspace uids and gids when returning them. Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> userns: Convert group_info values from gid_t to kgid_t. 2012-05-03T10:27:21Z Eric W. Biederman ebiederm@xmission.com 2011-11-14T23:56:38Z urn:sha1:ae2975bc3476243b45a1e2344236d7920c268f38 As a first step to converting struct cred to be all kuid_t and kgid_t values convert the group values stored in group_info to always be kgid_t values. Unless user namespaces are used this change should have no effect. Acked-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> userns: user namespaces: convert several capable() calls 2011-03-24T02:47:08Z Serge E. Hallyn serge@hallyn.com 2011-03-23T23:43:24Z urn:sha1:b0e77598f87107001a00b8a4ece9c95e4254ccc4 CAP_IPC_OWNER and CAP_IPC_LOCK can be checked against current_user_ns(), because the resource comes from current's own ipc namespace. setuid/setgid are to uids in own namespace, so again checks can be against current_user_ns(). Changelog: Jan 11: Use task_ns_capable() in place of sched_capable(). Jan 11: Use nsown_capable() as suggested by Bastian Blank. Jan 11: Clarify (hopefully) some logic in futex and sched.c Feb 15: use ns_capable for ipc, not nsown_capable Feb 23: let copy_ipcs handle setting ipc_ns->user_ns Feb 23: pass ns down rather than taking it from current [akpm@linux-foundation.org: coding-style fixes] Signed-off-by: Serge E. Hallyn <serge.hallyn@canonical.com> Acked-by: "Eric W. Biederman" <ebiederm@xmission.com> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Acked-by: David Howells <dhowells@redhat.com> Cc: James Morris <jmorris@namei.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> headers: utsname.h redux 2009-09-24T01:13:10Z Alexey Dobriyan adobriyan@gmail.com 2009-09-24T00:22:25Z urn:sha1:2bcd57ab61e7cabed626226a3771617981c11ce1 * remove asm/atomic.h inclusion from linux/utsname.h -- not needed after kref conversion * remove linux/utsname.h inclusion from files which do not need it NOTE: it looks like fs/binfmt_elf.c do not need utsname.h, however due to some personality stuff it _is_ needed -- cowardly leave ELF-related headers and files alone. Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> [CVE-2009-0029] System call wrappers part 19 2009-01-14T13:15:26Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:21Z urn:sha1:003d7ab479168132a2b2c6700fe682b08f08ab0c Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> [CVE-2009-0029] System call wrappers part 18 2009-01-14T13:15:25Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:20Z urn:sha1:a6b42e83f249aad723589b2bdf6d1dfb2b0997c8 Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> [CVE-2009-0029] System call wrappers part 17 2009-01-14T13:15:25Z Heiko Carstens heiko.carstens@de.ibm.com 2009-01-14T13:14:19Z urn:sha1:ca013e945b1ba5828b151ee646946f1297b67a4c Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com> CRED: Wrap current->cred and a few other accessors 2008-11-13T23:39:18Z David Howells dhowells@redhat.com 2008-11-13T23:39:18Z urn:sha1:86a264abe542cfececb4df129bc45a0338d8cdb9 Wrap current->cred and a few other accessors to hide their actual implementation. Signed-off-by: David Howells <dhowells@redhat.com> Acked-by: James Morris <jmorris@namei.org> Acked-by: Serge Hallyn <serue@us.ibm.com> Signed-off-by: James Morris <jmorris@namei.org>