Re: [PATCH v3 07/15] commoncap: Move cap_elevated calculation into bprm_set_creds

James Morris <jmorris@xxxxxxxxx> · Wed, 19 Jul 2017 19:28:31 +1000 (AEST)

On Tue, 18 Jul 2017, Kees Cook wrote:

> Instead of a separate function, open-code the cap_elevated test, which
> lets us entirely remove bprm->cap_effective (to use the local "effective"
> variable instead), and more accurately examine euid/egid changes via the
> existing local "is_setid".
> 
> Cc: Serge Hallyn <serge@xxxxxxxxxx>
> Cc: Andy Lutomirski <luto@xxxxxxxxxx>
> Signed-off-by: Kees Cook <keescook@xxxxxxxxxxxx>

Reviewed-by: James Morris <james.l.morris@xxxxxxxxxx>

-- 
James Morris
<jmorris@xxxxxxxxx>