summaryrefslogtreecommitdiffstats
path: root/security/security.c
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2020-05-14 19:53:44 +0200
committerEric W. Biederman <ebiederm@xmission.com>2020-05-21 17:16:50 +0200
commit112b7147592e8f46bd1da4f961773e6d974f38a8 (patch)
tree78da2d713b0bc074b1e7b9c77738e52e6aa2da75 /security/security.c
parentexec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds (diff)
downloadlinux-112b7147592e8f46bd1da4f961773e6d974f38a8.tar.xz
linux-112b7147592e8f46bd1da4f961773e6d974f38a8.zip
exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds
Rename bprm->cap_elevated to bprm->active_secureexec and initialize it in prepare_binprm instead of in cap_bprm_set_creds. Initializing bprm->active_secureexec in prepare_binprm allows multiple implementations of security_bprm_repopulate_creds to play nicely with each other. Rename security_bprm_set_creds to security_bprm_reopulate_creds to emphasize that this path recomputes part of bprm->cred. This recomputation avoids the time of check vs time of use problems that are inherent in unix #! interpreters. In short two renames and a move in the location of initializing bprm->active_secureexec. Link: https://lkml.kernel.org/r/87o8qkzrxp.fsf_-_@x220.int.ebiederm.org Acked-by: Linus Torvalds <torvalds@linux-foundation.org> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'security/security.c')
-rw-r--r--security/security.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/security/security.c b/security/security.c
index 4ee76a729f73..b890b7e2a765 100644
--- a/security/security.c
+++ b/security/security.c
@@ -828,9 +828,9 @@ int security_bprm_creds_for_exec(struct linux_binprm *bprm)
return call_int_hook(bprm_creds_for_exec, 0, bprm);
}
-int security_bprm_set_creds(struct linux_binprm *bprm)
+int security_bprm_repopulate_creds(struct linux_binprm *bprm)
{
- return call_int_hook(bprm_set_creds, 0, bprm);
+ return call_int_hook(bprm_repopulate_creds, 0, bprm);
}
int security_bprm_check(struct linux_binprm *bprm)