exit_notify: kill the wrong capable(CAP_KILL) check The CAP_KILL check in exit_notify() looks just wrong, kill it. Whatever logic we have to reset ->exit_signal, the malicious user can bypass it if it execs the setuid application before exiting. Signed-off-by: Oleg Nesterov <oleg@redhat.com> Acked-by: Serge Hallyn <serue@us.ibm.com> Acked-by: Roland McGrath <roland@redhat.com> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

commit: 432870dab85a2f69dc417022646cb9a70acf7f94 [log] [tgz]
author: Oleg Nesterov <oleg@redhat.com> Mon Apr 06 16:16:02 2009 +0200
committer: Linus Torvalds <torvalds@linux-foundation.org> Mon Apr 06 14:57:23 2009 -0700
tree: 4c9c08d7fb77744b1fd04615a76ab0a9105fad07
parent: 22ae77bc7ac115b9d518d5cbc13d39317079b2b0 [diff] [blame]
diff --git a/kernel/exit.c b/kernel/exit.c
index 6686ed1..32cbf26 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c

@@ -837,8 +837,7 @@
 	 */
 	if (tsk->exit_signal != SIGCHLD && !task_detached(tsk) &&
 	    (tsk->parent_exec_id != tsk->real_parent->self_exec_id ||
-	     tsk->self_exec_id != tsk->parent_exec_id) &&
-	    !capable(CAP_KILL))
+	     tsk->self_exec_id != tsk->parent_exec_id))
 		tsk->exit_signal = SIGCHLD;
 
 	signal = tracehook_notify_death(tsk, &cookie, group_dead);
commit	432870dab85a2f69dc417022646cb9a70acf7f94	[log] [tgz]
author	Oleg Nesterov <oleg@redhat.com>	Mon Apr 06 16:16:02 2009 +0200
committer	Linus Torvalds <torvalds@linux-foundation.org>	Mon Apr 06 14:57:23 2009 -0700
tree	4c9c08d7fb77744b1fd04615a76ab0a9105fad07
parent	22ae77bc7ac115b9d518d5cbc13d39317079b2b0 [diff] [blame]