)]}'
{"id":"LineageOS%2Fandroid_kernel_lenovo_msm8974~229084","triplet_id":"LineageOS%2Fandroid_kernel_lenovo_msm8974~lineage-15.1~I3423f94074062ebbca37cab80c9348c707f78af0","project":"LineageOS/android_kernel_lenovo_msm8974","branch":"lineage-15.1","hashtags":[],"change_id":"I3423f94074062ebbca37cab80c9348c707f78af0","subject":"Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs","status":"ABANDONED","created":"2018-09-15 22:45:37.000000000","updated":"2018-10-02 15:13:21.000000000","total_comment_count":0,"unresolved_comment_count":0,"has_review_started":true,"meta_rev_id":"eb38f589b9f59d865d88dd3bb4ddf1397f55e781","_number":229084,"virtual_id_number":229084,"owner":{"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"actions":{},"labels":{"Verified":{"all":[{"value":0,"permitted_voting_range":{"min":-1,"max":1},"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fails"," 0":"No score","+1":"Verified"},"description":"","default_value":0},"Code-Review":{"all":[{"value":0,"permitted_voting_range":{"min":-2,"max":1},"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-2":"Do not submit","-1":"I would prefer that you didn\u0027t submit this"," 0":"No score","+1":"Looks good to me, but someone else must approve","+2":"Looks good to me, approved"},"description":"","default_value":0},"CI":{"all":[{"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}],"values":{"-1":"Fail"," 0":"No score","+1":"Pass"},"description":"","default_value":0,"optional":true}},"removable_reviewers":[],"reviewers":{"REVIEWER":[{"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]}]},"pending_reviewers":{},"reviewer_updates":[],"messages":[{"id":"c7e881f12f8f366ad9182e1783035ceddba7e606","tag":"autogenerated:gerrit:newPatchSet","author":{"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2018-09-15 22:45:37.000000000","message":"Uploaded patch set 1.","accounts_in_message":[],"_revision_number":1},{"id":"eb38f589b9f59d865d88dd3bb4ddf1397f55e781","tag":"autogenerated:gerrit:abandon","author":{"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"date":"2018-10-02 15:13:21.000000000","message":"Abandoned","accounts_in_message":[],"_revision_number":1}],"current_revision_number":1,"current_revision":"d3e14daf99a93ba5548e5e9a1dfed0ff0faeeb8b","revisions":{"d3e14daf99a93ba5548e5e9a1dfed0ff0faeeb8b":{"kind":"REWORK","_number":1,"created":"2018-09-15 22:45:37.000000000","uploader":{"_account_id":13837,"name":"Jan Dula","email":"frantisheq@gmail.com","username":"frantisheq","avatars":[{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d32","height":32},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d56","height":56},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d100","height":100},{"url":"https://www.gravatar.com/avatar/2eaafcfbf1aa3840a7c3a8082483dc80.jpg?d\u003didenticon\u0026r\u003dpg\u0026s\u003d120","height":120}]},"ref":"refs/changes/84/229084/1","fetch":{"anonymous http":{"url":"https://github.com/LineageOS/android_kernel_lenovo_msm8974","ref":"refs/changes/84/229084/1","commands":{"Branch":"git fetch https://github.com/LineageOS/android_kernel_lenovo_msm8974 refs/changes/84/229084/1 \u0026\u0026 git checkout -b change-229084 FETCH_HEAD","Checkout":"git fetch https://github.com/LineageOS/android_kernel_lenovo_msm8974 refs/changes/84/229084/1 \u0026\u0026 git checkout FETCH_HEAD","Cherry Pick":"git fetch https://github.com/LineageOS/android_kernel_lenovo_msm8974 refs/changes/84/229084/1 \u0026\u0026 git cherry-pick FETCH_HEAD","Format Patch":"git fetch https://github.com/LineageOS/android_kernel_lenovo_msm8974 refs/changes/84/229084/1 \u0026\u0026 git format-patch -1 --stdout FETCH_HEAD","Pull":"git pull https://github.com/LineageOS/android_kernel_lenovo_msm8974 refs/changes/84/229084/1","Reset To":"git fetch https://github.com/LineageOS/android_kernel_lenovo_msm8974 refs/changes/84/229084/1 \u0026\u0026 git reset --hard FETCH_HEAD"}}},"commit":{"parents":[{"commit":"a64160a09f342b697742511e5265686997b96655","subject":"net: core: add UID to flows, rules, and routes","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_kernel_lenovo_msm8974/commit/a64160a09f342b697742511e5265686997b96655"}]}],"author":{"name":"Andy Lutomirski","email":"luto@amacapital.net","date":"2012-01-30 16:17:26.000000000","tz":-480},"committer":{"name":"Jan Dula","email":"frantisheq@gmail.com","date":"2018-09-15 22:45:21.000000000","tz":120},"subject":"Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs","message":"Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs\n\nWith this change, calling\n  prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)\ndisables privilege granting operations at execve-time.  For example, a\nprocess will not be able to execute a setuid binary to change their uid\nor gid if this bit is set.  The same is true for file capabilities.\n\nAdditionally, LSM_UNSAFE_NO_NEW_PRIVS is defined to ensure that\nLSMs respect the requested behavior.\n\nTo determine if the NO_NEW_PRIVS bit is set, a task may call\n  prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);\nIt returns 1 if set and 0 if it is not set. If any of the arguments are\nnon-zero, it will return -1 and set errno to -EINVAL.\n(PR_SET_NO_NEW_PRIVS behaves similarly.)\n\nThis functionality is desired for the proposed seccomp filter patch\nseries.  By using PR_SET_NO_NEW_PRIVS, it allows a task to modify the\nsystem call behavior for itself and its child tasks without being\nable to impact the behavior of a more privileged task.\n\nAnother potential use is making certain privileged operations\nunprivileged.  For example, chroot may be considered \"safe\" if it cannot\naffect privileged tasks.\n\nNote, this patch causes execve to fail when PR_SET_NO_NEW_PRIVS is\nset and AppArmor is in use.  It is fixed in a subsequent patch.\n\nSigned-off-by: Andy Lutomirski \u003cluto@amacapital.net\u003e\nSigned-off-by: Will Drewry \u003cwad@chromium.org\u003e\nAcked-by: Eric Paris \u003ceparis@redhat.com\u003e\n\nv18: updated change desc\nv17: using new define values as per 3.4\n\nConflicts:\n\tinclude/linux/prctl.h\n\tkernel/sys.c\n\nChange-Id: I3423f94074062ebbca37cab80c9348c707f78af0\n","web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_kernel_lenovo_msm8974/commit/d3e14daf99a93ba5548e5e9a1dfed0ff0faeeb8b"}],"resolve_conflicts_web_links":[{"name":"GitHub","tooltip":"Open in GitWeb","url":"https://github.com/LineageOS/android_kernel_lenovo_msm8974/commit/d3e14daf99a93ba5548e5e9a1dfed0ff0faeeb8b"}]},"parents_data":[{"branch_name":"refs/heads/lineage-15.1","commit_id":"a64160a09f342b697742511e5265686997b96655","is_merged_in_target_branch":false,"change_id":"Iea98e6fedd0fd4435a1f4efa3deb3629505619ab","change_number":229083,"patch_set_number":1,"change_status":"ABANDONED"}],"branch":"refs/heads/lineage-15.1"}},"requirements":[],"submit_records":[],"submit_requirements":[]}