
Commit 1b5d783c authored by Al Viro's avatar Al Viro

consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling



new helper: would_dump(bprm, file).  Checks whether we are allowed to
read the file and, if we are not, sets ENFORCE_NONDUMP.  Exported, and
used in places that previously open-coded the same logic.

Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 78f32a9b
+1 −2
@@ -668,8 +668,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
			 * mm->dumpable = 0 regardless of the interpreter's
			 * permissions.
			 */
			if (file_permission(interpreter, MAY_READ) < 0)
				bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
			would_dump(bprm, interpreter);

			retval = kernel_read(interpreter, 0, bprm->buf,
					     BINPRM_BUF_SIZE);
+1 −2
@@ -245,8 +245,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
			 * mm->dumpable = 0 regardless of the interpreter's
			 * permissions.
			 */
			if (file_permission(interpreter, MAY_READ) < 0)
				bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
			would_dump(bprm, interpreter);

			retval = kernel_read(interpreter, 0, bprm->buf,
					     BINPRM_BUF_SIZE);
+1 −2
@@ -149,8 +149,7 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs)

		/* if the binary is not readable than enforce mm->dumpable=0
		   regardless of the interpreter's permissions */
		if (file_permission(bprm->file, MAY_READ))
			bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
		would_dump(bprm, bprm->file);

		allow_write_access(bprm->file);
		bprm->file = NULL;
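Review bot: The call to would_dump() in load_misc_binary changes the test from any non-zero result of file_permission() to `inode_permission(...) < 0` inside the helper, and the setup_new_exec hunk makes the same shift. The two forms agree only while the permission check returns 0 or a negative errno. That is worth one sentence in the commit message, because this flag decides whether a process running an unreadable binary stays non-dumpable. The comment kept above the call also reads "than" for "then" and could become `/* unreadable binary: would_dump() forces mm->dumpable=0 regardless of the interpreter's permissions */`. load_misc_binary's body starts and ends outside the hunk.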
+11 −3
@@ -1105,6 +1105,13 @@ out:
}
EXPORT_SYMBOL(flush_old_exec);

void would_dump(struct linux_binprm *bprm, struct file *file)
{
	if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
		bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
}
EXPORT_SYMBOL(would_dump);

void setup_new_exec(struct linux_binprm * bprm)
{
	int i, ch;
@@ -1144,8 +1151,9 @@ void setup_new_exec(struct linux_binprm * bprm)
	if (bprm->cred->uid != current_euid() ||
	    bprm->cred->gid != current_egid()) {
		current->pdeath_signal = 0;
	} else if (file_permission(bprm->file, MAY_READ) ||
		   bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
	} else {
		would_dump(bprm, bprm->file);
		if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
			set_dumpable(current->mm, suid_dumpable);
	}
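Review bot: would_dump() is exported without any comment, and its name reads like a predicate although it returns void and only ever ORs BINPRM_FLAGS_ENFORCE_NONDUMP into bprm->interp_flags. A short header would make the contract clear to module callers, for example `/* would_dump - set BINPRM_FLAGS_ENFORCE_NONDUMP if MAY_READ on @file's inode is denied; never clears the flag */`. In setup_new_exec the helper now leaves the flag set in bprm as a side effect, where the old condition only read it, so the comment should also say that callers test bprm->interp_flags afterwards. The check presumably runs against the calling task's current credentials, so the expected ordering relative to installing the new credentials deserves a line too; confirm against the exec path outside these hunks. setup_new_exec's body continues outside both hunks.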

+1 −0
@@ -111,6 +111,7 @@ extern int __must_check remove_arg_zero(struct linux_binprm *);
extern int search_binary_handler(struct linux_binprm *, struct pt_regs *);
extern int flush_old_exec(struct linux_binprm * bprm);
extern void setup_new_exec(struct linux_binprm * bprm);
extern void would_dump(struct linux_binprm *, struct file *);

extern int suid_dumpable;
#define SUID_DUMP_DISABLE	0	/* No setuid dumping */