commoncap: Move cap_elevated calculation into bprm_set_creds - linux-dev - Linux kernel development work

diff options

author	Kees Cook <keescook@chromium.org>	2017-07-18 15:25:28 -0700
committer	Kees Cook <keescook@chromium.org>	2017-08-01 12:03:09 -0700
commit	ee67ae7ef6ff499137292ac8a9dfe86096796283 (patch)
tree	6a23c8212426db697546ead1019325504f53114c /security/security.c
parent	commoncap: Refactor to remove bprm_secureexec hook (diff)
download	linux-dev-ee67ae7ef6ff499137292ac8a9dfe86096796283.tar.xz linux-dev-ee67ae7ef6ff499137292ac8a9dfe86096796283.zip

commoncap: Move cap_elevated calculation into bprm_set_creds

Instead of a separate function, open-code the cap_elevated test, which lets us entirely remove bprm->cap_effective (to use the local "effective" variable instead), and more accurately examine euid/egid changes via the existing local "is_setid". The following LTP tests were run to validate the changes: # ./runltp -f syscalls -s cap # ./runltp -f securebits # ./runltp -f cap_bounds # ./runltp -f filecaps All kernel selftests for capabilities and exec continue to pass as well. Signed-off-by: Kees Cook <keescook@chromium.org> Reviewed-by: James Morris <james.l.morris@oracle.com> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: Andy Lutomirski <luto@kernel.org>

Diffstat (limited to 'security/security.c')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: