git: kernel - Fix serious root vulnerabilities in the caps code
Matthew Dillon
dillon at crater.dragonflybsd.org
Fri Feb 6 14:39:39 PST 2026
commit 35a77c5f59b2672791fb3ec993bc237d09beb5f3
Author: Matthew Dillon <dillon at apollo.backplane.com>
Date: Fri Feb 6 14:36:27 2026 -0800
kernel - Fix serious root vulnerabilities in the caps code
* The caps code was inadvertently allowing many root-only operations
to be run from user mode, particularly mount/umount ops by assuming
a root creds check that was not taking place in some of the API
calls, but was taking place in others.
* All API calls now check root creds by default unless passed the
appropriate flag.
Found-by: ivadasz (Imre Vadasz)
Summary of changes:
sys/kern/kern_caps.c | 16 ++++++++--------
sys/kern/kern_exec.c | 8 ++++----
sys/kern/kern_shutdown.c | 4 +++-
sys/kern/kern_sig.c | 2 +-
sys/kern/vfs_syscalls.c | 12 ++++++++++--
sys/sys/caps.h | 6 ++++--
6 files changed, 30 insertions(+), 18 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/35a77c5f59b2672791fb3ec993bc237d09beb5f3
--
DragonFly BSD source repository
More information about the Commits
mailing list