consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
new helper: would_dump(bprm, file). Checks whether we are allowed to read the file and, if we are not, sets ENFORCE_NONDUMP. Exported, used in places that previously open-coded the same logic. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
parent
78f32a9b47
commit
1b5d783c94
5 changed files with 15 additions and 9 deletions
|
@ -668,8 +668,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
|
|||
* mm->dumpable = 0 regardless of the interpreter's
|
||||
* permissions.
|
||||
*/
|
||||
if (file_permission(interpreter, MAY_READ) < 0)
|
||||
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
|
||||
would_dump(bprm, interpreter);
|
||||
|
||||
retval = kernel_read(interpreter, 0, bprm->buf,
|
||||
BINPRM_BUF_SIZE);
|
||||
|
|
|
@ -245,8 +245,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
|
|||
* mm->dumpable = 0 regardless of the interpreter's
|
||||
* permissions.
|
||||
*/
|
||||
if (file_permission(interpreter, MAY_READ) < 0)
|
||||
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
|
||||
would_dump(bprm, interpreter);
|
||||
|
||||
retval = kernel_read(interpreter, 0, bprm->buf,
|
||||
BINPRM_BUF_SIZE);
|
||||
|
|
|
@ -149,8 +149,7 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs)
|
|||
|
||||
/* if the binary is not readable than enforce mm->dumpable=0
|
||||
regardless of the interpreter's permissions */
|
||||
if (file_permission(bprm->file, MAY_READ))
|
||||
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
|
||||
would_dump(bprm, bprm->file);
|
||||
|
||||
allow_write_access(bprm->file);
|
||||
bprm->file = NULL;
|
||||
|
|
14
fs/exec.c
14
fs/exec.c
|
@ -1105,6 +1105,13 @@ int flush_old_exec(struct linux_binprm * bprm)
|
|||
}
|
||||
EXPORT_SYMBOL(flush_old_exec);
|
||||
|
||||
void would_dump(struct linux_binprm *bprm, struct file *file)
|
||||
{
|
||||
if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
|
||||
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
|
||||
}
|
||||
EXPORT_SYMBOL(would_dump);
|
||||
|
||||
void setup_new_exec(struct linux_binprm * bprm)
|
||||
{
|
||||
int i, ch;
|
||||
|
@ -1144,9 +1151,10 @@ void setup_new_exec(struct linux_binprm * bprm)
|
|||
if (bprm->cred->uid != current_euid() ||
|
||||
bprm->cred->gid != current_egid()) {
|
||||
current->pdeath_signal = 0;
|
||||
} else if (file_permission(bprm->file, MAY_READ) ||
|
||||
bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
|
||||
set_dumpable(current->mm, suid_dumpable);
|
||||
} else {
|
||||
would_dump(bprm, bprm->file);
|
||||
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
|
||||
set_dumpable(current->mm, suid_dumpable);
|
||||
}
|
||||
|
||||
/*
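Review bot: would_dump() is exported without any comment, and its name reads like a predicate although it returns void and only ever sets BINPRM_FLAGS_ENFORCE_NONDUMP in bprm->interp_flags, never clearing it. A one-line header above the definition would make that contract explicit, e.g. `/* Set BINPRM_FLAGS_ENFORCE_NONDUMP if MAY_READ on @file's inode is denied; never clears the flag. */`. In the setup_new_exec() hunk the read check now also records the flag in bprm->interp_flags, where the old `file_permission(bprm->file, MAY_READ) ||` test left the field untouched. That looks harmless, but setup_new_exec() continues outside the hunk and later readers of interp_flags are not visible here, so it is worth confirming. The comment could also state which credentials the check is meant to run under (presumably the task's pre-exec ones, which this page does not show), since the dumpable decision depends on it.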
|
||||
|
|
|
@ -111,6 +111,7 @@ extern int __must_check remove_arg_zero(struct linux_binprm *);
|
|||
extern int search_binary_handler(struct linux_binprm *, struct pt_regs *);
|
||||
extern int flush_old_exec(struct linux_binprm * bprm);
|
||||
extern void setup_new_exec(struct linux_binprm * bprm);
|
||||
extern void would_dump(struct linux_binprm *, struct file *);
|
||||
|
||||
extern int suid_dumpable;
|
||||
#define SUID_DUMP_DISABLE 0 /* No setuid dumping */
|
||||
|
|