Subject: [PATCH] Add pspace support to sys_capget and sys_capset From: Eric W. Biederman Date: 1129807028 -0600 --- kernel/capability.c | 10 ++++++---- 1 files changed, 6 insertions(+), 4 deletions(-) 5078dd556d9bd3d2120c8c23c610ba45de56f54b diff --git a/kernel/capability.c b/kernel/capability.c index 8986a37..e4c70fa 100644 --- a/kernel/capability.c +++ b/kernel/capability.c @@ -11,6 +11,7 @@ #include #include #include +#include #include unsigned securebits = SECUREBITS_DEFAULT; /* systemwide security settings */ @@ -62,6 +63,7 @@ asmlinkage long sys_capget(cap_user_head if (pid < 0) return -EINVAL; + pid = pid_from_user(pid); spin_lock(&task_capability_lock); read_lock(&tasklist_lock); @@ -187,7 +189,7 @@ asmlinkage long sys_capset(cap_user_head if (get_user(pid, &header->pid)) return -EFAULT; - if (pid && pid != current->pid && !capable(CAP_SETPCAP)) + if (pid && pid_from_user(pid) != current->pid && !capable(CAP_SETPCAP)) return -EPERM; if (copy_from_user(&effective, &data->effective, sizeof(effective)) || @@ -198,8 +200,8 @@ asmlinkage long sys_capset(cap_user_head spin_lock(&task_capability_lock); read_lock(&tasklist_lock); - if (pid > 0 && pid != current->pid) { - target = find_task_by_pid(pid); + if (pid > 0 && pid_from_user(pid) != current->pid) { + target = find_task_by_pid(pid_from_user(pid)); if (!target) { ret = -ESRCH; goto out; @@ -216,7 +218,7 @@ asmlinkage long sys_capset(cap_user_head ret = cap_set_all(&effective, &inheritable, &permitted); else /* all procs in process group */ - ret = cap_set_pg(-pid, &effective, &inheritable, + ret = cap_set_pg(pid_from_user(-pid), &effective, &inheritable, &permitted); } else { ret = security_capset_check(target, &effective, &inheritable, -- 1.0.GIT