summaryrefslogtreecommitdiffstats
path: root/fs
diff options
context:
space:
mode:
authorKees Cook <keescook@chromium.org>2017-07-18 15:25:34 -0700
committerKees Cook <keescook@chromium.org>2017-08-01 12:03:13 -0700
commit473d89639db0aaa0799616b397584ba4f58cd8e1 (patch)
tree5e9000d933802bf54a139f0b6825f8b5971627dd /fs
parent35b372b76f7153142cd4838ef1e1e094d115f46f (diff)
downloadop-kernel-dev-473d89639db0aaa0799616b397584ba4f58cd8e1.zip
op-kernel-dev-473d89639db0aaa0799616b397584ba4f58cd8e1.tar.gz
exec: Consolidate dumpability logic
Since it's already valid to set dumpability in the early part of setup_new_exec(), we can consolidate the logic into a single place. The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls before setup_new_exec(), so its test is safe to move as well. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'fs')
-rw-r--r--fs/exec.c11
1 files changed, 5 insertions, 6 deletions
diff --git a/fs/exec.c b/fs/exec.c
index 7a92885..3006c1c 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1354,10 +1354,12 @@ void setup_new_exec(struct linux_binprm * bprm)
current->sas_ss_sp = current->sas_ss_size = 0;
- if (!bprm->secureexec)
- set_dumpable(current->mm, SUID_DUMP_USER);
- else
+ /* Figure out dumpability. */
+ if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||
+ bprm->secureexec)
set_dumpable(current->mm, suid_dumpable);
+ else
+ set_dumpable(current->mm, SUID_DUMP_USER);
arch_setup_new_exec();
perf_event_exec();
@@ -1371,9 +1373,6 @@ void setup_new_exec(struct linux_binprm * bprm)
if (bprm->secureexec) {
current->pdeath_signal = 0;
- } else {
- if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
- set_dumpable(current->mm, suid_dumpable);
}
/* An exec changes our domain. We are no longer part of the thread
OpenPOWER on IntegriCloud