author: Kees Cook <keescook@chromium.org> 2024-01-24 11:22:32 -0800
committer: Linus Torvalds <torvalds@linux-foundation.org> 2024-01-24 11:38:58 -0800
commit: 4759ff71f23e1a9cba001009abab68cde6dc327a
tree: e5efe6883f1324a5605dffcd498b86aad7d0dffd /samples
parent: Merge tag 'fbdev-for-6.8-rc2' of git://git.kernel.org/pub/scm/linux/kernel/gi...
exec: Check __FMODE_EXEC instead of in_execve for LSMs

After commit 978ffcbf00d8 ("execve: open the executable file before doing anything else"), current->in_execve was no longer in sync with the open(). This broke AppArmor and TOMOYO which depend on this flag to distinguish "open" operations from being "exec" operations.

Instead of moving around in_execve, switch to using __FMODE_EXEC, which is where the "is this an exec?" intent is stored. Note that TOMOYO still uses in_execve around cred handling.

Reported-by: Kevin Locke <kevin@kevinlocke.name>
Closes: https://lore.kernel.org/all/ZbE4qn9_h14OqADK@kevinlocke.name
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: 978ffcbf00d8 ("execve: open the executable file before doing anything else")
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc: <linux-fsdevel@vger.kernel.org>
Cc: <linux-mm@kvack.org>
Cc: <apparmor@lists.ubuntu.com>
Cc: <linux-security-module@vger.kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

Diffstat (limited to 'samples')
0 files changed, 0 insertions, 0 deletions
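
The ordering problem the commit message describes, as an added userspace model in C (not code from this commit or from the kernel tree). The struct names, MODEL_FMODE_EXEC and both hook functions are hypothetical stand-ins, and the model assumes that before 978ffcbf00d8 the in_execve flag was set ahead of the open.

```c
#include <stdbool.h>
#include <stdio.h>

/* Userspace model only; all names are hypothetical stand-ins, not kernel code. */
#define MODEL_FMODE_EXEC 0x20u /* plays the role of __FMODE_EXEC */
struct model_task { bool in_execve; };
struct model_file { unsigned int f_flags; };
typedef bool (*hook_fn)(const struct model_task *, const struct model_file *);

/* Hook that infers "exec" from task state (the approach that went out of sync). */
static bool hook_by_task(const struct model_task *t, const struct model_file *f)
{
    (void)f;
    return t->in_execve;
}

/* Hook that reads the exec intent stored on the opened file itself. */
static bool hook_by_file(const struct model_task *t, const struct model_file *f)
{
    (void)t;
    return (f->f_flags & MODEL_FMODE_EXEC) != 0;
}

/* Model the open of the executable during exec and return the hook's verdict.
 * open_first == false: in_execve is already set when the open happens (assumed old order).
 * open_first == true:  the open happens before in_execve is set (order after 978ffcbf00d8). */
static bool exec_open_seen_as_exec(bool open_first, hook_fn hook)
{
    struct model_task task = { .in_execve = !open_first };
    struct model_file file = { .f_flags = MODEL_FMODE_EXEC };

    return hook(&task, &file); /* the file-open hook fires here */
}

/* An ordinary open() outside of exec must never be classified as an exec. */
static bool plain_open_seen_as_exec(hook_fn hook)
{
    struct model_task task = { .in_execve = false };
    struct model_file file = { .f_flags = 0 };

    return hook(&task, &file);
}

int main(void)
{
    printf("task hook, flag first: %d\n", exec_open_seen_as_exec(false, hook_by_task));
    printf("task hook, open first: %d\n", exec_open_seen_as_exec(true, hook_by_task));
    printf("file hook, open first: %d\n", exec_open_seen_as_exec(true, hook_by_file));
    printf("file hook, plain open: %d\n", plain_open_seen_as_exec(hook_by_file));
    return 0;
}
```

The task-state hook misclassifies the exec open as a plain open once the open moves ahead of the flag, while the file-flag hook gives the same answer in either order.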