mirror of
https://github.com/tbsdtv/linux_media.git
synced 2025-07-23 12:43:29 +02:00
exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds
Rename bprm->cap_elevated to bprm->active_secureexec and initialize it in prepare_binprm instead of in cap_bprm_set_creds. Initializing bprm->active_secureexec in prepare_binprm allows multiple implementations of security_bprm_repopulate_creds to play nicely with each other. Rename security_bprm_set_creds to security_bprm_reopulate_creds to emphasize that this path recomputes part of bprm->cred. This recomputation avoids the time of check vs time of use problems that are inherent in unix #! interpreters. In short two renames and a move in the location of initializing bprm->active_secureexec. Link: https://lkml.kernel.org/r/87o8qkzrxp.fsf_-_@x220.int.ebiederm.org Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
This commit is contained in:
Eric W. Biederman
@@ -797,14 +797,14 @@ static inline bool nonroot_raised_pE(struct cred *new, const struct cred *old,
|
||||
}
|
||||
|
||||
/**
|
||||
* cap_bprm_set_creds - Set up the proposed credentials for execve().
|
||||
* cap_bprm_repopulate_creds - Set up the proposed credentials for execve().
|
||||
* @bprm: The execution parameters, including the proposed creds
|
||||
*
|
||||
* Set up the proposed credentials for a new execution context being
|
||||
* constructed by execve(). The proposed creds in @bprm->cred is altered,
|
||||
* which won't take effect immediately. Returns 0 if successful, -ve on error.
|
||||
*/
|
||||
int cap_bprm_set_creds(struct linux_binprm *bprm)
|
||||
int cap_bprm_repopulate_creds(struct linux_binprm *bprm)
|
||||
{
|
||||
const struct cred *old = current_cred();
|
||||
struct cred *new = bprm->cred;
|
||||
@@ -884,12 +884,11 @@ int cap_bprm_set_creds(struct linux_binprm *bprm)
|
||||
return -EPERM;
|
||||
|
||||
/* Check for privilege-elevated exec. */
|
||||
bprm->cap_elevated = 0;
|
||||
if (is_setid ||
|
||||
(!__is_real(root_uid, new) &&
|
||||
(effective ||
|
||||
__cap_grew(permitted, ambient, new))))
|
||||
bprm->cap_elevated = 1;
|
||||
bprm->active_secureexec = 1;
|
||||
|
||||
return 0;
|
||||
}
|
||||
@@ -1346,7 +1345,7 @@ static struct security_hook_list capability_hooks[] __lsm_ro_after_init = {
|
||||
LSM_HOOK_INIT(ptrace_traceme, cap_ptrace_traceme),
|
||||
LSM_HOOK_INIT(capget, cap_capget),
|
||||
LSM_HOOK_INIT(capset, cap_capset),
|
||||
LSM_HOOK_INIT(bprm_set_creds, cap_bprm_set_creds),
|
||||
LSM_HOOK_INIT(bprm_repopulate_creds, cap_bprm_repopulate_creds),
|
||||
LSM_HOOK_INIT(inode_need_killpriv, cap_inode_need_killpriv),
|
||||
LSM_HOOK_INIT(inode_killpriv, cap_inode_killpriv),
|
||||
LSM_HOOK_INIT(inode_getsecurity, cap_inode_getsecurity),
|
||||
|
||||
Reference in New Issue
Block a user