[rsbac-commit] linux-5.15.y 5.15.114 commit 4361aa035d3a __sys_setresuid(), __sys_setresgid(): move RSBAC check before no-op

1 Jun 2023


      https://git.rsbac.org/cgi-bin/gitweb.cgi?p=linux-5.15.y.git;a=summary
RSBAC for Linux 5.15 (Long Term)
Current version: 5.15.114
commit 4361aa035d3aa3c9371b33f96f8b6659e8a0f7fd
Author: Amon Ott ao@rsbac.org
Date:   Thu Jun 1 08:30:58 2023 +0200
__sys_setresuid(), __sys_setresgid(): move RSBAC check before no-op check.
    The kernel no-op check bypasses the RSBAC check and notification, but in RSBAC,
    setresuid(getuid(), -1, -1) is security relevant and needs to update state.
    As a side effect, we now also check before the kernel capability check and
    might see more RSBAC messages as a result.
kernel/sys.c | 138 ++++++++++++++++++++++++++++-------------------------------
 1 file changed, 66 insertions(+), 72 deletions(-)

2025

2024

2023

2022

[rsbac-commit] linux-5.15.y 5.15.114 commit 4361aa035d3a __sys_setresuid(), __sys_setresgid(): move RSBAC check before no-op