groups: Consolidate the setgroups permission checks Today there are 3 instances of setgroups and due to an oversight their permission checking has diverged. Add a common function so that they may all share the same permission checking code. This corrects the current oversight in the current permission checks and adds a helper to avoid this in the future. A user namespace security fix will update this new helper, shortly. Cc: stable@vger.kernel.org Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>

commit: 7ff4d90b4c24a03666f296c3d4878cd39001e81e [log] [tgz]
author: Eric W. Biederman <ebiederm@xmission.com> Fri Dec 05 17:19:27 2014 -0600
committer: Eric W. Biederman <ebiederm@xmission.com> Fri Dec 05 17:19:27 2014 -0600
tree: 757293c98c93eec1c5b7caae149c34e49bb824c5
parent: 4fed655c410cc56add64c7b1f7c85c7c56066ac2 [diff] [blame]
diff --git a/include/linux/cred.h b/include/linux/cred.h
index b2d0820..2fb2ca2 100644
--- a/include/linux/cred.h
+++ b/include/linux/cred.h

@@ -68,6 +68,7 @@
 extern int set_current_groups(struct group_info *);
 extern void set_groups(struct cred *, struct group_info *);
 extern int groups_search(const struct group_info *, kgid_t);
+extern bool may_setgroups(void);
 
 /* access the groups "array" with this macro */
 #define GROUP_AT(gi, i) \
commit	7ff4d90b4c24a03666f296c3d4878cd39001e81e	[log] [tgz]
author	Eric W. Biederman <ebiederm@xmission.com>	Fri Dec 05 17:19:27 2014 -0600
committer	Eric W. Biederman <ebiederm@xmission.com>	Fri Dec 05 17:19:27 2014 -0600
tree	757293c98c93eec1c5b7caae149c34e49bb824c5
parent	4fed655c410cc56add64c7b1f7c85c7c56066ac2 [diff] [blame]