Liav A e598f22768 Kernel: Disallow executing SUID binaries if process is jailed ... Check if the process we are currently running is in a jail, and if that is the case, fail early with the EPERM error code. Also, as Brian noted, we should also disallow attaching to a jail in case of already running within a setid executable, as this leaves the user with false thinking of being secure (because you can't exec new setid binaries), but the current program is still marked setid, which means that at the very least we gained permissions while we didn't expect it, so let's block it.		2022-12-30 15:49:37 -05:00
..
Audio-subsystem.md	Documentation: Change references to uid based sockets to sids	2022-10-03 11:11:29 +02:00
boot_device_addressing.md	Kernel/Storage: Introduce new boot device addressing modes	2022-08-30 00:50:15 +01:00
boot_parameters.md	Base: Use new global variables at /sys/kernel/ directory	2022-10-25 15:33:34 -06:00
Help-index.md	Base: Remove file:// prefix from image	2022-01-17 02:22:33 -08:00
LibDSP_classes.svg	Base: Document the LibDSP structure in a simple class diagram	2022-05-25 23:27:22 +01:00
Mitigations.md	Kernel: Disallow executing SUID binaries if process is jailed	2022-12-30 15:49:37 -05:00
proc.md	Everywhere: Clean up "the the" comment typos	2022-11-03 17:38:32 +00:00
setuid_overview.md	Help+Base: Add help://man URLs for links between man pages	2022-01-11 00:24:57 +01:00
Shell-vars.md	Help+Base: Add help://man URLs for links between man pages	2022-01-11 00:24:57 +01:00
sys.md	Base: Add information about the new /sys/kernel/jails node	2022-11-05 18:00:58 -06:00
SystemServer.md	Help+Base: Add help://man URLs for links between man pages	2022-01-11 00:24:57 +01:00