Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
prctl: use CAP_SYS_RESOURCE for PR_SET_MM option
CAP_SYS_ADMIN is already overloaded left and right, so to have more fine-grained access control use CAP_SYS_RESOURCE here. The CAP_SYS_RESOUCE is chosen because this prctl option allows a current process to adjust some fields of memory map descriptor which rather represents what the process owns: pointers to code, data, stack segments, command line, auxiliary vector data and etc. Suggested-by: Michael Kerrisk <[email protected]> Acked-by: Kees Cook <[email protected]> Acked-by: Michael Kerrisk <[email protected]> Cc: Pavel Emelyanov <[email protected]> Cc: Tejun Heo <[email protected]> Cc: Oleg Nesterov <[email protected]> Cc: Paul Bolle <[email protected]> Cc: KOSAKI Motohiro <[email protected]> Signed-off-by: Cyrill Gorcunov <[email protected]> Signed-off-by: Andrew Morton <[email protected]> Signed-off-by: Linus Torvalds <[email protected]>
- Loading branch information