Linux kernel development work - see feature branches https://git.zx2c4.com/linux-dev/atom/security/safesetid/Makefile?h=master 2019-01-25T19:22:45Z 2019-01-25T19:22:45Z Micah Morton mortonm@chromium.org 2019-01-16T15:46:06Z urn:sha1:aeca4e2ca65c1aeacfbe520684e6421719d99417 SafeSetID gates the setid family of syscalls to restrict UID/GID transitions from a given UID/GID to only those approved by a system-wide whitelist. These restrictions also prohibit the given UIDs/GIDs from obtaining auxiliary privileges associated with CAP_SET{U/G}ID, such as allowing a user to set up user namespace UID mappings. For now, only gating the set*uid family of syscalls is supported, with support for set*gid coming in a future patch set. Signed-off-by: Micah Morton <mortonm@chromium.org> Acked-by: Kees Cook <keescook@chromium.org> Signed-off-by: James Morris <james.morris@microsoft.com>