exec: Merge install_exec_creds into setup_new_exec
The two functions are now always called one right after the other so merge them together to make future maintenance easier. Reviewed-by: Kees Cook <keescook@chromium.org> Reviewed-by: Greg Ungerer <gerg@linux-m68k.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
parent
1507b7a30a
commit
96ecee29b0
@ -140,7 +140,6 @@ static int load_aout_binary(struct linux_binprm *bprm)
|
|||||||
set_personality_ia32(false);
|
set_personality_ia32(false);
|
||||||
|
|
||||||
setup_new_exec(bprm);
|
setup_new_exec(bprm);
|
||||||
install_exec_creds(bprm);
|
|
||||||
|
|
||||||
regs->cs = __USER32_CS;
|
regs->cs = __USER32_CS;
|
||||||
regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =
|
regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =
|
||||||
|
@ -162,7 +162,6 @@ static int load_aout_binary(struct linux_binprm * bprm)
|
|||||||
set_personality(PER_LINUX);
|
set_personality(PER_LINUX);
|
||||||
#endif
|
#endif
|
||||||
setup_new_exec(bprm);
|
setup_new_exec(bprm);
|
||||||
install_exec_creds(bprm);
|
|
||||||
|
|
||||||
current->mm->end_code = ex.a_text +
|
current->mm->end_code = ex.a_text +
|
||||||
(current->mm->start_code = N_TXTADDR(ex));
|
(current->mm->start_code = N_TXTADDR(ex));
|
||||||
|
@ -858,7 +858,6 @@ out_free_interp:
|
|||||||
current->flags |= PF_RANDOMIZE;
|
current->flags |= PF_RANDOMIZE;
|
||||||
|
|
||||||
setup_new_exec(bprm);
|
setup_new_exec(bprm);
|
||||||
install_exec_creds(bprm);
|
|
||||||
|
|
||||||
/* Do this so that we can load the interpreter, if need be. We will
|
/* Do this so that we can load the interpreter, if need be. We will
|
||||||
change some of these later */
|
change some of these later */
|
||||||
|
@ -353,7 +353,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
|
|||||||
current->personality |= READ_IMPLIES_EXEC;
|
current->personality |= READ_IMPLIES_EXEC;
|
||||||
|
|
||||||
setup_new_exec(bprm);
|
setup_new_exec(bprm);
|
||||||
install_exec_creds(bprm);
|
|
||||||
|
|
||||||
set_binfmt(&elf_fdpic_format);
|
set_binfmt(&elf_fdpic_format);
|
||||||
|
|
||||||
|
@ -541,7 +541,6 @@ static int load_flat_file(struct linux_binprm *bprm,
|
|||||||
/* OK, This is the point of no return */
|
/* OK, This is the point of no return */
|
||||||
set_personality(PER_LINUX_32BIT);
|
set_personality(PER_LINUX_32BIT);
|
||||||
setup_new_exec(bprm);
|
setup_new_exec(bprm);
|
||||||
install_exec_creds(bprm);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
56
fs/exec.c
56
fs/exec.c
@ -1443,6 +1443,31 @@ void setup_new_exec(struct linux_binprm * bprm)
|
|||||||
group */
|
group */
|
||||||
WRITE_ONCE(current->self_exec_id, current->self_exec_id + 1);
|
WRITE_ONCE(current->self_exec_id, current->self_exec_id + 1);
|
||||||
flush_signal_handlers(current, 0);
|
flush_signal_handlers(current, 0);
|
||||||
|
|
||||||
|
/*
|
||||||
|
* install the new credentials for this executable
|
||||||
|
*/
|
||||||
|
security_bprm_committing_creds(bprm);
|
||||||
|
|
||||||
|
commit_creds(bprm->cred);
|
||||||
|
bprm->cred = NULL;
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Disable monitoring for regular users
|
||||||
|
* when executing setuid binaries. Must
|
||||||
|
* wait until new credentials are committed
|
||||||
|
* by commit_creds() above
|
||||||
|
*/
|
||||||
|
if (get_dumpable(current->mm) != SUID_DUMP_USER)
|
||||||
|
perf_event_exit_task(current);
|
||||||
|
/*
|
||||||
|
* cred_guard_mutex must be held at least to this point to prevent
|
||||||
|
* ptrace_attach() from altering our determination of the task's
|
||||||
|
* credentials; any time after this it may be unlocked.
|
||||||
|
*/
|
||||||
|
security_bprm_committed_creds(bprm);
|
||||||
|
mutex_unlock(¤t->signal->exec_update_mutex);
|
||||||
|
mutex_unlock(¤t->signal->cred_guard_mutex);
|
||||||
}
|
}
|
||||||
EXPORT_SYMBOL(setup_new_exec);
|
EXPORT_SYMBOL(setup_new_exec);
|
||||||
|
|
||||||
@ -1458,7 +1483,7 @@ EXPORT_SYMBOL(finalize_exec);
|
|||||||
|
|
||||||
/*
|
/*
|
||||||
* Prepare credentials and lock ->cred_guard_mutex.
|
* Prepare credentials and lock ->cred_guard_mutex.
|
||||||
* install_exec_creds() commits the new creds and drops the lock.
|
* setup_new_exec() commits the new creds and drops the lock.
|
||||||
* Or, if exec fails before, free_bprm() should release ->cred and
|
* Or, if exec fails before, free_bprm() should release ->cred and
|
||||||
* and unlock.
|
* and unlock.
|
||||||
*/
|
*/
|
||||||
@ -1504,35 +1529,6 @@ int bprm_change_interp(const char *interp, struct linux_binprm *bprm)
|
|||||||
}
|
}
|
||||||
EXPORT_SYMBOL(bprm_change_interp);
|
EXPORT_SYMBOL(bprm_change_interp);
|
||||||
|
|
||||||
/*
|
|
||||||
* install the new credentials for this executable
|
|
||||||
*/
|
|
||||||
void install_exec_creds(struct linux_binprm *bprm)
|
|
||||||
{
|
|
||||||
security_bprm_committing_creds(bprm);
|
|
||||||
|
|
||||||
commit_creds(bprm->cred);
|
|
||||||
bprm->cred = NULL;
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Disable monitoring for regular users
|
|
||||||
* when executing setuid binaries. Must
|
|
||||||
* wait until new credentials are committed
|
|
||||||
* by commit_creds() above
|
|
||||||
*/
|
|
||||||
if (get_dumpable(current->mm) != SUID_DUMP_USER)
|
|
||||||
perf_event_exit_task(current);
|
|
||||||
/*
|
|
||||||
* cred_guard_mutex must be held at least to this point to prevent
|
|
||||||
* ptrace_attach() from altering our determination of the task's
|
|
||||||
* credentials; any time after this it may be unlocked.
|
|
||||||
*/
|
|
||||||
security_bprm_committed_creds(bprm);
|
|
||||||
mutex_unlock(¤t->signal->exec_update_mutex);
|
|
||||||
mutex_unlock(¤t->signal->cred_guard_mutex);
|
|
||||||
}
|
|
||||||
EXPORT_SYMBOL(install_exec_creds);
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* determine how safe it is to execute the proposed program
|
* determine how safe it is to execute the proposed program
|
||||||
* - the caller must hold ->cred_guard_mutex to protect against
|
* - the caller must hold ->cred_guard_mutex to protect against
|
||||||
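Review bot: The comment carried into setup_new_exec() ahead of `security_bprm_committed_creds(bprm)` in the -1443 hunk still names only cred_guard_mutex, yet the two lines after it release exec_update_mutex as well. The function now also ends with the new credentials committed and `bprm->cred` set to NULL. setup_new_exec() begins outside the hunk, so its header comment is not visible here; if it does not already say so, it should state the contract the binfmt loaders now rely on, e.g. `/* Commits bprm->cred and drops exec_update_mutex and cred_guard_mutex; code after this call runs with the new credentials and without either lock. */`. With that written down, a reviewer of the load_*_binary callers can see that anything which depends on ptrace_attach() being excluded has to come before this call.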
|
@ -145,7 +145,6 @@ extern int transfer_args_to_stack(struct linux_binprm *bprm,
|
|||||||
extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
|
extern int bprm_change_interp(const char *interp, struct linux_binprm *bprm);
|
||||||
extern int copy_strings_kernel(int argc, const char *const *argv,
|
extern int copy_strings_kernel(int argc, const char *const *argv,
|
||||||
struct linux_binprm *bprm);
|
struct linux_binprm *bprm);
|
||||||
extern void install_exec_creds(struct linux_binprm *bprm);
|
|
||||||
extern void set_binfmt(struct linux_binfmt *new);
|
extern void set_binfmt(struct linux_binfmt *new);
|
||||||
extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
|
extern ssize_t read_code(struct file *, unsigned long, loff_t, size_t);
|
||||||
|
|
||||||
|
@ -12217,7 +12217,7 @@ static void perf_event_exit_task_context(struct task_struct *child, int ctxn)
|
|||||||
* When a child task exits, feed back event values to parent events.
|
* When a child task exits, feed back event values to parent events.
|
||||||
*
|
*
|
||||||
* Can be called with exec_update_mutex held when called from
|
* Can be called with exec_update_mutex held when called from
|
||||||
* install_exec_creds().
|
* setup_new_exec().
|
||||||
*/
|
*/
|
||||||
void perf_event_exit_task(struct task_struct *child)
|
void perf_event_exit_task(struct task_struct *child)
|
||||||
{
|
{
|
||||||
|