Commit eab3d542 authored by Oleg Nesterov's avatar Oleg Nesterov Committed by Greg Kroah-Hartman
Browse files

exit_notify: kill the wrong capable(CAP_KILL) check (CVE-2009-1337) 



CVE-2009-1337

commit 432870da upstream.

The CAP_KILL check in exit_notify() looks just wrong, kill it.

Whatever logic we have to reset ->exit_signal, the malicious user
can bypass it if it execs the setuid application before exiting.

Signed-off-by: default avatarOleg Nesterov <oleg@redhat.com>
Acked-by: default avatarSerge Hallyn <serue@us.ibm.com>
Acked-by: default avatarRoland McGrath <roland@redhat.com>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@suse.de>
parent 1151ad37
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment