| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 12 Apr 2016 16:54:52 +0000 From: Serge Hallyn <serge.hallyn@...ntu.com> To: Kees Cook <keescook@...omium.org> Cc: Linus Torvalds <torvalds@...ux-foundation.org>, David Howells <dhowells@...hat.com>, Willy Tarreau <w@....eu>, Alexander Viro <viro@...iv.linux.org.uk>, linux-kernel@...r.kernel.org Subject: Re: [PATCH] exec: clarify reasoning for euid/egid reset Quoting Kees Cook (keescook@...omium.org): > This section of code initially looks redundant, but is required. This > improves the comment to explain more clearly why the reset is needed. > > Signed-off-by: Kees Cook <keescook@...omium.org> Thanks, Kees. Acked-by: Serge E. Hallyn <serge.hallyn@...ntu.com> > --- > fs/exec.c | 7 ++++++- > 1 file changed, 6 insertions(+), 1 deletion(-) > > diff --git a/fs/exec.c b/fs/exec.c > index c4010b8207a1..889221bbfdb3 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1387,7 +1387,12 @@ static void bprm_fill_uid(struct linux_binprm *bprm) > kuid_t uid; > kgid_t gid; > > - /* clear any previous set[ug]id data from a previous binary */ > + /* > + * Since this can be called multiple times (via prepare_binprm), > + * we must clear any previous work done when setting set[ug]id > + * bits from any earlier bprm->file uses (for example when run > + * first for a script then for its interpreter). > + */ > bprm->cred->euid = current_euid(); > bprm->cred->egid = current_egid(); > > -- > 2.6.3 > > > -- > Kees Cook > Chrome OS & Brillo Security
Powered by blists - more mailing lists