23.04.2024 19:44, Andy Lutomirski пишет:
Also, there are lots of ways that f_cred could be relevant: fsuid/fsgid, effective capabilities and security labels. And it gets more complex if this ever gets extended to support connecting or sending to a socket or if someone opens a device node. Does CAP_SYS_ADMIN carry over?
I posted a v3 where I only override fsuid, fsgid and group_info. Capabilities and whatever else are not overridden to avoid security risks. Does this address your concern? Note that I think your other concerns are already addressed, I just added a bit more of a description now.
