From: Stephen Rothwell
Date: Mon, 30 Apr 2012 03:26:05 +0000 (+1000)
Subject: Merge remote-tracking branch 'security/next'
X-Git-Tag: next-20120430~35
X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=5b908a2473a8c9de51de4bd2f40ee6728aa293b6;p=karo-tx-linux.git
Merge remote-tracking branch 'security/next'
Conflicts: include/linux/filter.h
---
5b908a2473a8c9de51de4bd2f40ee6728aa293b6
diff --cc include/asm-generic/siginfo.h
index 5e5e3865f1ed,af5d0350f84c..8ed67779fc09
--- a/include/asm-generic/siginfo.h
+++ b/include/asm-generic/siginfo.h
@@@ -98,9 -90,18 +98,18 @@@ typedef struct siginfo
__ARCH_SI_BAND_T _band; /* POLL_IN, POLL_OUT, POLL_MSG */
int _fd;
} _sigpoll;
+
+ /* SIGSYS */
+ struct {
+ void __user *_call_addr; /* calling user insn */
+ int _syscall; /* triggering system call number */
+ unsigned int _arch; /* AUDIT_ARCH_* of syscall */
+ } _sigsys;
} _sifields;
-} siginfo_t;
+} __ARCH_SI_ATTRIBUTES siginfo_t;
+ /* If the arch shares siginfo, then it has SIGSYS. */
+ #define __ARCH_SIGSYS
#endif
/*
diff --cc include/linux/filter.h
index 72090994d789,f2e53152e835..82b01357af8b
--- a/include/linux/filter.h
+++ b/include/linux/filter.h
@@@ -232,7 -239,7 +243,8 @@@ enum
BPF_S_ANC_HATYPE,
BPF_S_ANC_RXHASH,
BPF_S_ANC_CPU,
+ BPF_S_ANC_ALU_XOR_X,
+ BPF_S_ANC_SECCOMP_LD_W,
};
#endif /* __KERNEL__ */
diff --cc security/commoncap.c
index 71a166a05975,edd3918fac02..f80d11609391
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@@ -506,13 -505,10 +506,15 @@@ int cap_bprm_set_creds(struct linux_bin
}
skip:
+ /* if we have fs caps, clear dangerous personality flags */
+ if (!cap_issubset(new->cap_permitted, old->cap_permitted))
+ bprm->per_clear |= PER_CLEAR_ON_SETID;
+
+
/* Don't let someone trace a set[ug]id/setpcap binary with the revised
- * credentials unless they have the appropriate permit
+ * credentials unless they have the appropriate permit.
+ *
+ * In addition, if NO_NEW_PRIVS, then ensure we get no new privs.
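Review bot: The field comments in the new `_sigsys` member of include/asm-generic/siginfo.h do not say that `_syscall` is only meaningful together with `_arch`. Syscall numbers differ between ABIs, so a SIGSYS handler or a tool decoding this siginfo from `_syscall` alone can misidentify the call. I would state that on the field, e.g. `int _syscall; /* triggering system call number, valid only for the ABI in _arch */`. Whether the compat (32-bit on 64-bit) siginfo copy path handles the new member is not visible on this page and should be confirmed. The typedef begins above the hunk.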
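Review bot: `BPF_S_ANC_SECCOMP_LD_W` is added to the shared internal opcode enum in include/linux/filter.h with no comment on which kind of filter may carry it. Its name suggests a seccomp-only load, so the socket-filter checker, interpreter and any JIT that switches over these codes should reject it outside seccomp; that handling is not visible in this hunk and should be confirmed. A one-line comment above the enumerator, such as `/* seccomp filters only; never valid in a socket filter */`, would record the intent. The enum begins above the hunk.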
 */
if ((new->euid != old->uid || new->egid != old->gid ||