Thread (30 messages) 30 messages, 4 authors, 2017-09-20
STALE3206d REVIEWED: 1 (0M)
Revisions (6)
  1. v3 [diff vs current]
  2. v3 [diff vs current]
  3. v3 [diff vs current]
  4. v4 [diff vs current]
  5. v4 current
  6. v5 [diff vs current]

[PATCH V4 08/10] capabilities: invert logic for clarity

From: Kees Cook <hidden>
Date: 2017-09-08 18:27:01

On Mon, Sep 4, 2017 at 11:46 PM, Richard Guy Briggs [off-list ref] wrote:
The way the logic was presented, it was awkward to read and verify.
Invert the logic using DeMorgan's Law to be more easily able to read and
understand.

Signed-off-by: Richard Guy Briggs <redacted>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Acked-by: James Morris <redacted>
Acked-by: Kees Cook <redacted>

-Kees
quoted hunk ↗ jump to hunk
---
 security/commoncap.c |    8 ++++----
 1 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/security/commoncap.c b/security/commoncap.c
index cf95d73..7e8041d 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -544,10 +544,10 @@ static inline bool nonroot_raised_pE(struct cred *cred, kuid_t root)
        bool ret = false;

        if (__cap_grew(effective, ambient, cred) &&
-           (!__cap_full(effective, cred) ||
-            !__is_eff(root, cred) ||
-            !__is_real(root, cred) ||
-            !root_privileged()))
+           !(__cap_full(effective, cred) &&
+             __is_eff(root, cred) &&
+             __is_real(root, cred) &&
+             root_privileged()))
                ret = true;
        return ret;
 }
--
1.7.1


-- 
Kees Cook
Pixel Security
--
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help