diff options
authorCyrill Gorcunov <>2012-03-15 15:17:10 -0700
committerLinus Torvalds <>2012-03-15 17:03:03 -0700
commit79f0713d403c800db9d89134e2fd7f846e68d6ee (patch)
parent9bbad7da76b3dd578fb55c862624366a8c9ccd22 (diff)
prctl: use CAP_SYS_RESOURCE for PR_SET_MM option
CAP_SYS_ADMIN is already overloaded left and right, so to have more fine-grained access control use CAP_SYS_RESOURCE here. The CAP_SYS_RESOUCE is chosen because this prctl option allows a current process to adjust some fields of memory map descriptor which rather represents what the process owns: pointers to code, data, stack segments, command line, auxiliary vector data and etc. Suggested-by: Michael Kerrisk <> Acked-by: Kees Cook <> Acked-by: Michael Kerrisk <> Cc: Pavel Emelyanov <> Cc: Tejun Heo <> Cc: Oleg Nesterov <> Cc: Paul Bolle <> Cc: KOSAKI Motohiro <> Signed-off-by: Cyrill Gorcunov <> Signed-off-by: Andrew Morton <> Signed-off-by: Linus Torvalds <>
1 files changed, 1 insertions, 1 deletions
diff --git a/kernel/sys.c b/kernel/sys.c
index 40701538fbd1..888d227fd195 100644
--- a/kernel/sys.c
+++ b/kernel/sys.c
@@ -1706,7 +1706,7 @@ static int prctl_set_mm(int opt, unsigned long addr,
if (arg4 | arg5)
return -EINVAL;
- if (!capable(CAP_SYS_ADMIN))
+ if (!capable(CAP_SYS_RESOURCE))
return -EPERM;
if (addr >= TASK_SIZE)