[PATCH v2 2/8] exec: Move security_bprm_secureexec() earlier

Kees Cook keescook at chromium.org
Mon Jul 10 16:06:29 UTC 2017

On Mon, Jul 10, 2017 at 1:57 AM, Eric W. Biederman
<ebiederm at xmission.com> wrote:
> Kees Cook <keescook at chromium.org> writes:
>> There are several places where exec needs to know if a privilege-gain has
>> happened. These should be using the results of security_bprm_secureexec()
>> but it is getting (needlessly) called very late.
> It is hard to tell at a glance but I believe this introduces a
> regression.
> cap_bprm_set_creds is currently called before cap_bprm_secureexec and
> it has a number of cases such as no_new_privs and ptrace that can result
> in some of the precomputed credential changes not happening.
> Without accounting for that I believe your cap_bprm_securexec now
> returns a postive value too early.

It's still before cap_bprm_secureexec. cap_brpm_set_creds() is in
prepare_binprm(), which is well before exec_binprm() and it's eventual
call to setup_new_exec().


Kees Cook
Pixel Security
To unsubscribe from this list: send the line "unsubscribe linux-security-module" in
the body of a message to majordomo at vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

More information about the Linux-security-module-archive mailing list