patch-2.1.126 linux/fs/exec.c


diff -u --recursive --new-file v2.1.125/linux/fs/exec.c linux/fs/exec.c
@@ -702,17 +702,17 @@
 
 void compute_creds(struct linux_binprm *bprm) 
 {
+	int new_permitted = cap_t(bprm->cap_permitted) |
+		(cap_t(bprm->cap_inheritable) & 
+		 cap_t(current->cap_inheritable));
+
 	/* For init, we want to retain the capabilities set
          * in the init_task struct. Thus we skip the usual
          * capability rules */
 	if (current->pid != 1) {
-		int new_permitted = bprm->cap_permitted.cap |
-			(bprm->cap_inheritable.cap & 
-			current->cap_inheritable.cap);
-
-		current->cap_permitted.cap = new_permitted;
-		current->cap_effective.cap = new_permitted & 
-						bprm->cap_effective.cap;
+		cap_t(current->cap_permitted) = new_permitted;
+		cap_t(current->cap_effective) = new_permitted & 
+						cap_t(bprm->cap_effective);
 	}
 	
         /* AUD: Audit candidate if current->cap_effective is set */
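Review bot: `new_permitted` is declared as a plain `int` on the first added line, yet it holds a capability bit mask and is later passed to `cap_issubset()` beside `current->cap_permitted` in the second hunk. The capability header is not on this page, so this is inferred: if `cap_t()` expands to a member access in some configuration, handing an `int` to a macro written for the capability type would not build there, and a signed type is a poor fit for a bit mask either way. Declaring it with the kernel's capability type, e.g. `kernel_cap_t new_permitted;` and filling it through `cap_t(new_permitted) = ...`, would keep both uses consistent. A short comment such as `/* computed for init too: needed by the dumpable test below */` would also explain why the computation moved out of the `pid != 1` branch.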
@@ -720,7 +720,7 @@
         current->suid = current->euid = current->fsuid = bprm->e_uid;
         current->sgid = current->egid = current->fsgid = bprm->e_gid;
         if (current->euid != current->uid || current->egid != current->gid ||
-	    !cap_isclear(current->cap_permitted))
+	    !cap_issubset(new_permitted, current->cap_permitted))
                 current->dumpable = 0;
 }
 
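Review bot: The new `!cap_issubset(new_permitted, current->cap_permitted)` term reads `current->cap_permitted` after the first hunk has already stored `new_permitted` into it, so for every task except pid 1 the subset test holds trivially and this term can never clear `dumpable`. As written, an exec that raises the permitted set without changing uid or gid leaves the process dumpable, which looks like the opposite of what the check is meant to catch. Capturing the old set before the assignment, `int old_permitted = cap_t(current->cap_permitted);` at the top of the function, and testing `(new_permitted & ~old_permitted) != 0` here would compare against the pre-exec capabilities. One line of `compute_creds` between the two hunks is not shown, so confirm nothing there restores the old value.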
