diff options
| author |  Eric W. Biederman <ebiederm@xmission.com>
| 2020-05-16 06:02:54 -0500 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com>
| 2020-05-21 10:16:57 -0500 |
| commit | a16b3357b2b8e910bb614254d8a7e84d2bd59b4c (patch) | |
| tree | d0a003e8cc8555bb5c87f38bc0a64addd21dd176 /fs/binfmt_script.c | |
| parent | exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds (diff) | |
| download | linux-a16b3357b2b8e910bb614254d8a7e84d2bd59b4c.tar.gz linux-a16b3357b2b8e910bb614254d8a7e84d2bd59b4c.tar.bz2 linux-a16b3357b2b8e910bb614254d8a7e84d2bd59b4c.zip | |
exec: Allow load_misc_binary to call prepare_binprm unconditionally
Add a flag preserve_creds that binfmt_misc can set to prevent
credentials from being updated. This allows binfmt_misc to always
call prepare_binprm. Allowing the credential computation logic to be
consolidated.
Not replacing the credentials with the interpreters credentials is
safe because because an open file descriptor to the executable is
passed to the interpreter. As the interpreter does not need to
reopen the executable it is guaranteed to see the same file that
exec sees.
Ref: c407c033de84 ("[PATCH] binfmt_misc: improve calculation of interpreter's credentials")
Link: https://lkml.kernel.org/r/87imgszrwo.fsf_-_@x220.int.ebiederm.org
Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'fs/binfmt_script.c')
0 files changed, 0 insertions, 0 deletions