Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Apr 2009 12:51:05 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: CVE request: kernel: missing capabilities in fs_mask

"When POSIX capabilities were introduced during the 2.1 Linux cycle, the
fs mask, which represents the capabilities which having fsuid==0 is
supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE.
However, before capabilities the privilege to call these did in fact
depend upon fsuid==0.

This patch introduces those capabilities into the fsmask, restoring the
old behavior.

See the thread starting at for reference.

Note that if this fix is deemed valid, then earlier kernel versions (2.4
and 2.2) ought to be fixed too.

 [Mar 23] Actually delete old CAP_FS_SET definition...
 [Mar 20] Updated against J. Bruce Fields's patch"


Thanks, Eugene
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.