| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 17 May 2016 12:14:39 -0700 From: Kees Cook <keescook@...omium.org> To: Jonathan Corbet <corbet@....net> Cc: David Howells <dhowells@...hat.com>, Linus Torvalds <torvalds@...ux-foundation.org>, Serge Hallyn <serge.hallyn@...ntu.com>, Willy Tarreau <w@....eu>, linux-doc@...r.kernel.org, Alexander Viro <viro@...iv.linux.org.uk>, linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org Subject: [PATCH v2] exec: clarify reasoning for euid/egid reset This section of code initially looks redundant, but is required. This improves the comment to explain more clearly why the reset is needed. Signed-off-by: Kees Cook <keescook@...omium.org> Acked-by: Serge E. Hallyn <serge.hallyn@...ntu.com> --- v2: - clarified example as a setuid script, dhowells --- fs/exec.c | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/fs/exec.c b/fs/exec.c index c4010b8207a1..a98b21d47385 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1387,7 +1387,12 @@ static void bprm_fill_uid(struct linux_binprm *bprm) kuid_t uid; kgid_t gid; - /* clear any previous set[ug]id data from a previous binary */ + /* + * Since this can be called multiple times (via prepare_binprm), + * we must clear any previous work done when setting set[ug]id + * bits from any earlier bprm->file uses (for example when run + * first for a setuid script then again for its interpreter). + */ bprm->cred->euid = current_euid(); bprm->cred->egid = current_egid(); -- 2.6.3 -- Kees Cook Chrome OS & Brillo Security
Powered by blists - more mailing lists