shadow/libmisc
Christian Brauner 91d4ab622b
libmisc: retain setfcap when mapping uid 0
When uid 0 maps host uid 0 into the child userns newer kernels require
CAP_SETFCAP be retained as this allows the caller to create fscaps that
are valid in the ancestor userns. This was a security issue (in very
rare circumstances). So whenever host uid 0 is mapped, retain
CAP_SETFCAP if the caller had it.
Userspace won't need to set CAP_SETFCAP on newuidmap as this is really
only a scenario that real root should be doing which always has
CAP_SETFCAP. And if they don't then they are in a locked-down userns.
(LXC sometimes maps host uid 0 during chown operations in a helper
 userns but will not rely on newuidmap for that. But we don't want to
 risk regressing callers that want to rely on this behavior.)

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-05-06 19:04:42 +02:00
..
.indent.pro
addgrps.c * NEWS, libmisc/addgrps.c: Fix allocator loop. Continue to 2011-06-02 15:36:29 +00:00
age.c
audit_help.c * libmisc/audit_help.c (audit_logger):pgname is not used. We let 2010-08-21 15:22:39 +00:00
basename.c Miscellaneous: 2011-09-18 21:02:43 +00:00
btrfs.c silence compiler warnings 2020-01-12 07:31:26 -06:00
chkname.c chkname.c, pwck.c, useradd.c, usermod.c, newusers.c: Allow names that do not conform to standards 2019-10-04 18:40:41 -05:00
chkname.h
chowndir.c * libmisc/chowndir.c: Add splint annotations. 2011-08-14 14:00:14 +00:00
chowntty.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
cleanup_group.c
cleanup_user.c
cleanup.c * lib/prototypes.h, libmisc/cleanup.c, lib/spawn.c, src/chage.c: 2011-10-18 20:23:33 +00:00
console.c Fix some issues found in Coverity scan. 2018-10-10 12:22:04 +02:00
copydir.c 2012-02-13 Mike Frysinger <vapier@gentoo.org> 2012-02-13 19:16:29 +00:00
entry.c
env.c * libmisc/isexpired.c: Added parenthesis. 2011-06-16 21:25:36 +00:00
failure.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
failure.h spelling: cumulative 2017-10-22 18:33:13 +00:00
find_new_gid.c remove unused variables 2019-10-12 20:03:32 -05:00
find_new_sub_gids.c remove unused and misleading 'owner' argument from find_new_sub* 2020-04-17 16:32:44 -05:00
find_new_sub_uids.c remove unused and misleading 'owner' argument from find_new_sub* 2020-04-17 16:32:44 -05:00
find_new_uid.c remove unused variables 2019-10-12 20:03:32 -05:00
getdate.h * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
getdate.y spelling: gratuitously 2017-10-22 19:17:02 +00:00
getgr_nam_gid.c * lib/prototypes.h, libmisc/getgr_nam_gid.c: getgr_nam_gid() 2011-08-14 13:16:26 +00:00
getrange.c
gettime.c gettime: Use secure_getenv over getenv. 2019-03-31 16:00:01 +01:00
hushed.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
idmapping.c libmisc: retain setfcap when mapping uid 0 2021-05-06 19:04:42 +02:00
idmapping.h subids: support nsswitch 2021-04-16 21:02:37 -05:00
isexpired.c * libmisc/isexpired.c: Added parenthesis. 2011-06-16 21:25:36 +00:00
limits.c * man/limits.5.xml, libmisc/limits.c: Sort limit identifiers. 2011-11-06 18:39:47 +00:00
list.c * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c, 2010-08-21 15:32:53 +00:00
log.c
loginprompt.c * libmisc/salt.c (SHA_salt_rounds): It is statically ensured that 2011-09-18 20:41:38 +00:00
mail.c
Makefile.am try again to fix libmisc sharing problem 2021-04-11 17:42:04 -05:00
motd.c * libmisc/console.c, libmisc/motd.c, libmisc/setupenv.c, 2010-08-21 15:32:53 +00:00
myname.c
obscure.c Add yescrypt support 2021-02-01 22:11:10 +01:00
pam_pass_non_interactive.c spelling: interactive 2017-10-22 20:24:32 +00:00
pam_pass.c
prefix_flag.c libmisc: Accept --root=path and --prefix=path option syntax 2020-02-07 21:57:12 +00:00
pwd2spwd.c Make the sp_lstchg shadow field reproducible (re. #71) 2019-03-31 16:00:01 +01:00
pwd_init.c
pwdcheck.c
remove_tree.c Integrate review comments from Julien Cristau 2010-09-05 15:34:42 +00:00
rlogin.c
root_flag.c libmisc: Accept --root=path and --prefix=path option syntax 2020-02-07 21:57:12 +00:00
salt.c Add yescrypt support 2021-02-01 22:11:10 +01:00
setugid.c Updated copyrights. 2010-08-22 13:04:54 +00:00
setupenv.c spelling: else 2017-10-22 19:08:39 +00:00
shell.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
strtoday.c spelling: cumulative 2017-10-22 18:33:13 +00:00
sub.c Fix typo in comment. 2013-08-04 15:56:32 +02:00
sulog.c Updated copyrights. 2010-08-22 13:04:54 +00:00
ttytype.c * libmisc/limits.c: Avoid implicit conversion of integer to 2010-08-22 19:13:53 +00:00
tz.c Updated copyrights. 2010-08-22 13:04:54 +00:00
ulimit.c
user_busy.c Do not mistake a regular user process for a namespaced one 2020-01-21 09:16:10 +01:00
utmp.c Support systems that only have utmpx 2018-06-24 00:13:12 -05:00
valid.c crypt() in glibc/eglibc 2.17 now fails if passed 2013-07-28 18:41:11 +02:00
xgetgrgid.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetgrnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetpwnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetpwuid.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetspnam.c * libmisc/xgetXXbyYY.c, libmisc/xgetpwnam.c, libmisc/xgetgrnam.c, 2009-06-11 21:33:00 +00:00
xgetXXbyYY.c Re-indent. 2011-11-06 18:40:06 +00:00
xmalloc.c xfree: move xfree() function to xmalloc.c 2020-10-15 21:52:06 -04:00
yesno.c