Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 473d8963 authored by Kees Cook's avatar Kees Cook
Browse files

exec: Consolidate dumpability logic 



Since it's already valid to set dumpability in the early part of
setup_new_exec(), we can consolidate the logic into a single place.
The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls
before setup_new_exec(), so its test is safe to move as well.

Signed-off-by: default avatarKees Cook <keescook@chromium.org>
Acked-by: default avatarSerge Hallyn <serge@hallyn.com>
Reviewed-by: default avatarJames Morris <james.l.morris@oracle.com>
parent 35b372b7

fs/exec.c

+5 −6
Original line number Diff line number Diff line
@@ -1354,10 +1354,12 @@ void setup_new_exec(struct linux_binprm * bprm) 


	current->sas_ss_sp = current->sas_ss_size = 0;



	if (!bprm->secureexec)

		set_dumpable(current->mm, SUID_DUMP_USER);

	else

	/* Figure out dumpability. */

	if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||

	    bprm->secureexec)

		set_dumpable(current->mm, suid_dumpable);

	else

		set_dumpable(current->mm, SUID_DUMP_USER);



	arch_setup_new_exec();

	perf_event_exec();
@@ -1371,9 +1373,6 @@ void setup_new_exec(struct linux_binprm * bprm) 


	if (bprm->secureexec) {

		current->pdeath_signal = 0;

	} else {

		if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)

			set_dumpable(current->mm, suid_dumpable);

	}



	/* An exec changes our domain. We are no longer part of the thread