kernel: Only expose su when daemon is running

It has been claimed that the PG implementation of 'su' has security vulnerabilities even when disabled. Unfortunately, the people that find these vulnerabilities often like to keep them private so they can profit from exploits while leaving users exposed to malicious hackers. In order to reduce the attack surface for vulnerabilites, it is therefore necessary to make 'su' completely inaccessible when it is not in use (except by the root and system users). Change-Id: I79716c72f74d0b7af34ec3a8054896c6559a181d Signed-off-by: Davide Garberi <dade.garberi@gmail.com>
author: Tom Marshall <tdm.code@gmail.com> 2017-01-25 18:01:03 +0100
committer: Davide Garberi <dade.garberi@gmail.com> 2022-07-27 19:23:19 +0200
commit: 08ff8a2e58eb226015fa68d577121137a7e0953f (patch)
tree: 6804e0881c1588dd335fbcdacb7a46f2c95f412f /include/linux/uidgid.h
parent: e604a08d460859ac6de5dff7a19f2340edcc7ae8 (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
index 03835522dfcb..83504b1be16e 100644
--- a/include/linux/uidgid.h
+++ b/include/linux/uidgid.h
@@ -54,6 +54,9 @@ static inline gid_t __kgid_val(kgid_t gid)
 #define GLOBAL_ROOT_UID KUIDT_INIT(0)
 #define GLOBAL_ROOT_GID KGIDT_INIT(0)
 
+#define GLOBAL_SYSTEM_UID KUIDT_INIT(1000)
+#define GLOBAL_SYSTEM_GID KGIDT_INIT(1000)
+
 #define INVALID_UID KUIDT_INIT(-1)
 #define INVALID_GID KGIDT_INIT(-1)
author	Tom Marshall <tdm.code@gmail.com>	2017-01-25 18:01:03 +0100
committer	Davide Garberi <dade.garberi@gmail.com>	2022-07-27 19:23:19 +0200
commit	08ff8a2e58eb226015fa68d577121137a7e0953f (patch)
tree	6804e0881c1588dd335fbcdacb7a46f2c95f412f /include/linux/uidgid.h
parent	e604a08d460859ac6de5dff7a19f2340edcc7ae8 (diff)