
Commit ddb4a144 authored by Kees Cook

exec: Rename bprm->cred_prepared to called_set_creds



The cred_prepared bprm flag has a misleading name. It has nothing to do
with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has
been called. Rename this flag and improve its comment.

Cc: David Howells <dhowells@redhat.com>
Cc: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Casey Schaufler <casey@schaufler-ca.com>
Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: John Johansen <john.johansen@canonical.com>
Acked-by: James Morris <james.l.morris@oracle.com>
Acked-by: Paul Moore <paul@paul-moore.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
parent 520eccdf
+1 −1
@@ -890,7 +890,7 @@ static int load_flat_shared_library(int id, struct lib_info *libs)
	 * as we're past the point of no return and are dealing with shared
	 * as we're past the point of no return and are dealing with shared
	 * libraries.
	 * libraries.
	 */
	 */
	bprm.cred_prepared = 1;
	bprm.called_set_creds = 1;


	res = prepare_binprm(&bprm);
	res = prepare_binprm(&bprm);
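Review bot: with the new name, the hand-set `bprm.called_set_creds = 1;` ahead of `prepare_binprm(&bprm)` asserts that the hook was called when it was not. The comment above justifies it only as being past the point of no return and dealing with shared libraries; extend it to say the flag is forced on so that the LSM bprm_set_creds hooks that test it take their early return. After this rename the line otherwise reads as a bookkeeping error rather than a deliberate skip.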


+1 −1
@@ -1548,7 +1548,7 @@ int prepare_binprm(struct linux_binprm *bprm)
	retval = security_bprm_set_creds(bprm);
	retval = security_bprm_set_creds(bprm);
	if (retval)
	if (retval)
		return retval;
		return retval;
	bprm->cred_prepared = 1;
	bprm->called_set_creds = 1;


	memset(bprm->buf, 0, BINPRM_BUF_SIZE);
	memset(bprm->buf, 0, BINPRM_BUF_SIZE);
	return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE);
	return kernel_read(bprm->file, 0, bprm->buf, BINPRM_BUF_SIZE);
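Review bot: `bprm->called_set_creds = 1;` sits after `if (retval) return retval;`, so the flag records that security_bprm_set_creds() succeeded once, not merely that it was called. If a bprm is never reused after a failed prepare_binprm() the difference is academic, but nothing in this hunk shows that, so either word the binfmts.h comment as "called successfully" or state the assumption here.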
+6 −2
@@ -25,8 +25,12 @@ struct linux_binprm {
	struct mm_struct *mm;
	struct mm_struct *mm;
	unsigned long p; /* current top of mem */
	unsigned long p; /* current top of mem */
	unsigned int
	unsigned int
		cred_prepared:1,/* true if creds already prepared (multiple
		/*
				 * preps happen for interpreters) */
		 * True after the bprm_set_creds hook has been called once
		 * (multiple calls can be made via prepare_binprm() for
		 * binfmt_script/misc).
		 */
		called_set_creds:1,
		cap_effective:1;/* true if has elevated effective capabilities,
		cap_effective:1;/* true if has elevated effective capabilities,
				 * false if not; except for init which inherits
				 * false if not; except for init which inherits
				 * its parent's caps anyway */
				 * its parent's caps anyway */
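Review bot: the new comment on called_set_creds says when the bit becomes true but not what a hook is expected to do once it is. Both LSM users touched by this patch simply `return 0;` when it is set, so a sentence stating that hooks should skip their credential work on later calls would make the contract explicit. Style nit: this field now carries a leading block comment while cap_effective in the same bitfield keeps a trailing one; converting both together would read more consistently.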
+1 −1
@@ -758,7 +758,7 @@ int apparmor_bprm_set_creds(struct linux_binprm *bprm)
		file_inode(bprm->file)->i_mode
		file_inode(bprm->file)->i_mode
	};
	};


	if (bprm->cred_prepared)
	if (bprm->called_set_creds)
		return 0;
		return 0;


	ctx = cred_ctx(bprm->cred);
	ctx = cred_ctx(bprm->cred);
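Review bot: the `if (bprm->called_set_creds)` early exit in apparmor_bprm_set_creds() has no comment, whereas the same test in selinux_bprm_set_creds() explains that the context depends only on the initial program or script and not the script interpreter. Since the line is being touched anyway, add a one-line comment giving AppArmor's reason for ignoring the later calls.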
+1 −1
@@ -2356,7 +2356,7 @@ static int selinux_bprm_set_creds(struct linux_binprm *bprm)


	/* SELinux context only depends on initial program or script and not
	/* SELinux context only depends on initial program or script and not
	 * the script interpreter */
	 * the script interpreter */
	if (bprm->cred_prepared)
	if (bprm->called_set_creds)
		return 0;
		return 0;


	old_tsec = current_security();
	old_tsec = current_security();