| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20160412164428.GA1972@www.outflux.net> Date: Tue, 12 Apr 2016 09:44:28 -0700 From: Kees Cook <keescook@...omium.org> To: Linus Torvalds <torvalds@...ux-foundation.org> Cc: David Howells <dhowells@...hat.com>, Serge Hallyn <serge.hallyn@...ntu.com>, Willy Tarreau <w@....eu>, Alexander Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org Subject: [PATCH] exec: clarify reasoning for euid/egid reset This section of code initially looks redundant, but is required. This improves the comment to explain more clearly why the reset is needed. Signed-off-by: Kees Cook <keescook@...omium.org> --- fs/exec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/exec.c b/fs/exec.c index c4010b8207a1..889221bbfdb3 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1387,7 +1387,12 @@ static void bprm_fill_uid(struct linux_binprm *bprm) kuid_t uid; kgid_t gid; - /* clear any previous set[ug]id data from a previous binary */ + /* + * Since this can be called multiple times (via prepare_binprm), + * we must clear any previous work done when setting set[ug]id + * bits from any earlier bprm->file uses (for example when run + * first for a script then for its interpreter). + */ bprm->cred->euid = current_euid(); bprm->cred->egid = current_egid(); -- 2.6.3 -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists