3.16 merge window, part 2
3.16 merge window, part 2
Posted Jun 12, 2014 5:49 UTC (Thu) by luto (guest, #39314)Parent article: 3.16 merge window, part 2
The capable_wrt_inode_uidgid change was the entire fix for CVE-2014-4014. No one as claimed the prize for figuring out the vulnerability yet :)
Posted Jun 13, 2014 7:30 UTC (Fri)
by rvfh (guest, #31018)
[Link]
3.16 merge window, part 2
inode_owner_or_capable() was also modified to support the case where 'current [...] has CAP_FOWNER in a namespace with the inode owner uid mapped'.