Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Apr 2009 13:49:21 +0800
From: Eugene Teo <>
CC: "Steven M. Christey" <>
Subject: Re: CVE request: kernel: missing capabilities in fs_mask

Eugene Teo wrote:
> "When POSIX capabilities were introduced during the 2.1 Linux cycle, the
> fs mask, which represents the capabilities which having fsuid==0 is
> supposed to grant, did not include CAP_MKNOD and CAP_LINUX_IMMUTABLE.
> However, before capabilities the privilege to call these did in fact
> depend upon fsuid==0.
> This patch introduces those capabilities into the fsmask, restoring the
> old behavior.
> See the thread starting at for reference.
> Note that if this fix is deemed valid, then earlier kernel versions (2.4
> and 2.2) ought to be fixed too.
> Changelog:
>  [Mar 23] Actually delete old CAP_FS_SET definition...
>  [Mar 20] Updated against J. Bruce Fields's patch"
> References:

Here's the link to the kernel 2.4 patch:;a=commitdiff;h=1c06d5237647db43cb2043a19cb393f4ed4d942f

Thanks, Eugene
Eugene Teo / Red Hat Security Response Team

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.