Commit e816c201 authored Jan 02, 2018 by Kees Cook Committed by Linus Torvalds Jan 03, 2018

exec: Weaken dumpability for secureexec

This is a logical revert of commit e37fdb78 ("exec: Use secureexec
for setting dumpability")

This weakens dumpability back to checking only for uid/gid changes in
current (which is useless), but userspace depends on dumpability not
being tied to secureexec.

  https://bugzilla.redhat.com/show_bug.cgi?id=1528633



Reported-by: Tom Horsley <horsley1953@gmail.com>
Fixes: e37fdb78 ("exec: Use secureexec for setting dumpability")
Cc: stable@vger.kernel.org
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 30a7acd5

fs/exec.c

+7 −2

Original line number	Diff line number	Diff line
		@@ -1349,9 +1349,14 @@ void setup_new_exec(struct linux_binprm * bprm)

		current->sas_ss_sp = current->sas_ss_size = 0;

		/* Figure out dumpability. */
		/*
		* Figure out dumpability. Note that this checking only of current
		* is wrong, but userspace depends on it. This should be testing
		* bprm->secureexec instead.
		*/
		if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP \|\|
		bprm->secureexec)
		!(uid_eq(current_euid(), current_uid()) &&
		gid_eq(current_egid(), current_gid())))
		set_dumpable(current->mm, suid_dumpable);
		else
		set_dumpable(current->mm, SUID_DUMP_USER);