diff options
author | Kees Cook <keescook@chromium.org> | 2017-07-18 15:25:34 -0700 |
---|---|---|
committer | Kees Cook <keescook@chromium.org> | 2017-08-01 12:03:13 -0700 |
commit | 473d89639db0aaa0799616b397584ba4f58cd8e1 (patch) | |
tree | 5e9000d933802bf54a139f0b6825f8b5971627dd /fs | |
parent | 35b372b76f7153142cd4838ef1e1e094d115f46f (diff) | |
download | op-kernel-dev-473d89639db0aaa0799616b397584ba4f58cd8e1.zip op-kernel-dev-473d89639db0aaa0799616b397584ba4f58cd8e1.tar.gz |
exec: Consolidate dumpability logic
Since it's already valid to set dumpability in the early part of
setup_new_exec(), we can consolidate the logic into a single place.
The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls
before setup_new_exec(), so its test is safe to move as well.
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'fs')
-rw-r--r-- | fs/exec.c | 11 |
1 files changed, 5 insertions, 6 deletions
@@ -1354,10 +1354,12 @@ void setup_new_exec(struct linux_binprm * bprm) current->sas_ss_sp = current->sas_ss_size = 0; - if (!bprm->secureexec) - set_dumpable(current->mm, SUID_DUMP_USER); - else + /* Figure out dumpability. */ + if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP || + bprm->secureexec) set_dumpable(current->mm, suid_dumpable); + else + set_dumpable(current->mm, SUID_DUMP_USER); arch_setup_new_exec(); perf_event_exec(); @@ -1371,9 +1373,6 @@ void setup_new_exec(struct linux_binprm * bprm) if (bprm->secureexec) { current->pdeath_signal = 0; - } else { - if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) - set_dumpable(current->mm, suid_dumpable); } /* An exec changes our domain. We are no longer part of the thread |