diff options
| author |   Eric W. Biederman <ebiederm@xmission.com> | 2020-05-31 15:02:36 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2020-05-31 15:02:36 -0500 |
| commit | 3977e285ee89a94699255dbbf6eeea13889a1083 (patch) | |
| tree | 378ea4452668d448b0834fd08008a5f81619f1fd /include/linux/binfmts.h | |
| parent | Merge commit a4ae32c71fe9 ("exec: Always set cap_ambient in cap_bprm_set_creds") (diff) | |
| parent | exec: Compute file based creds only once (diff) | |
| download | wireguard-linux-3977e285ee89a94699255dbbf6eeea13889a1083.tar.xz wireguard-linux-3977e285ee89a94699255dbbf6eeea13889a1083.zip | |
exec: Remove the recomputation of bprm->cred
Recomputing the uids, gids, capabilities, and related flags each time a
new bprm->file is set is error prone and unnecessary.
This set of changes splits per_clear temporarily into two separate
variables. This is the last change necessary to ensure that
everything that is computed from brpm->file in bprm->cred is
recomputed every time a new bprm->file is set. Then the code is
refactored to compute bprm->cred from bprm->file when the final
brpm->file is known, removing the need for recomputation entirely.
Doing this in two steps should allow anyone who has problems later to
bisect and tell if it was the semantic change or the refactoring that
caused them problems.
Eric W. Biederman (2):
exec: Add a per bprm->file version of per_clear
exec: Compute file based creds only once
fs/binfmt_misc.c | 2 +-
fs/exec.c | 57 ++++++++++++++++++-------------------------
include/linux/binfmts.h | 9 ++-----
include/linux/lsm_hook_defs.h | 2 +-
include/linux/lsm_hooks.h | 22 +++++++++--------
include/linux/security.h | 9 ++++---
security/commoncap.c | 22 +++++++++--------
security/security.c | 4 +--
8 files changed, 59 insertions(+), 68 deletions(-)
Merge branch 'exec-norecompute-v2' into exec-next
Diffstat (limited to 'include/linux/binfmts.h')
| -rw-r--r-- | include/linux/binfmts.h | 9 |
1 files changed, 2 insertions, 7 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 7fc05929c967..aece1b340e7d 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -29,13 +29,8 @@ struct linux_binprm { /* Should an execfd be passed to userspace? */ have_execfd:1, - /* It is safe to use the creds of a script (see binfmt_misc) */ - preserve_creds:1, - /* - * True if most recent call to security_bprm_set_creds - * resulted in elevated privileges. - */ - active_secureexec:1, + /* Use the creds of a script (see binfmt_misc) */ + execfd_creds:1, /* * Set by bprm_creds_for_exec hook to indicate a * privilege-gaining exec has happened. Used to set |