Slight restructuring of the logic for credential change case identification

during execve() to use a 'credential_changing' variable.  This makes it
easier to have outstanding patchsets against this code, as well as to
add conditionally defined clauses.

Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, NAI Labs

1 files changed, 8 insertions, 2 deletions

diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c
index 2ed3839..df6bf3a 100644
--- a/sys/kern/kern_exec.c
+++ b/sys/kern/kern_exec.c
@@ -145,6 +145,7 @@ execve(td, uap)
 	struct vnode *tracevp = NULL;
 #endif
 	struct vnode *textvp = NULL;
+	int credential_changing;
 
 	imgp = &image_params;
 
@@ -378,8 +379,13 @@ interpret:
 	 * the process is being traced.
 	 */
 	oldcred = p->p_ucred;
-	if ((((attr.va_mode & VSUID) && oldcred->cr_uid != attr.va_uid) ||
-	     ((attr.va_mode & VSGID) && oldcred->cr_gid != attr.va_gid)) &&
+	credential_changing = 0;
+	credential_changing |= (attr.va_mode & VSUID) && oldcred->cr_uid !=
+	    attr.va_uid;
+	credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid !=
+	    attr.va_gid;
+
+	if (credential_changing &&
 	    (imgp->vp->v_mount->mnt_flag & MNT_NOSUID) == 0 &&
 	    (p->p_flag & P_TRACED) == 0) {
 		/*