[PATCH 0/5] exec: Control flow simplifications

Eric W. Biederman ebiederm at xmission.com
Sat May 9 19:40:17 UTC 2020

It is hard to follow the control flow in exec.c as the code has evolved
over time and something that used to work one way now works another.
This set of changes attempts to address the worst of that, to remove
unnecessary work and to make the code a little easier to follow.

The one rough point in my changes is cap_bprm_set_creds propbably
needs a new name as I have taken it out of security_bprm_set_creds
but my imagination failed to come up with anything better.

Eric W. Biederman (5):
      exec: Call cap_bprm_set_creds directly from prepare_binprm
      exec: Directly call security_bprm_set_creds from __do_execve_file
      exec: Remove recursion from search_binary_handler
      exec: Allow load_misc_binary to call prepare_binfmt unconditionally
      exec: Move the call of prepare_binprm into search_binary_handler

 arch/alpha/kernel/binfmt_loader.c |  5 +----
 fs/binfmt_em86.c                  |  7 +-----
 fs/binfmt_misc.c                  | 22 +++---------------
 fs/binfmt_script.c                |  5 +----
 fs/exec.c                         | 47 +++++++++++++++++++++------------------
 include/linux/binfmts.h           | 11 ++-------
 include/linux/security.h          |  2 +-
 security/apparmor/domain.c        |  3 ---
 security/commoncap.c              |  1 -
 security/selinux/hooks.c          |  2 --
 security/smack/smack_lsm.c        |  3 ---
 security/tomoyo/tomoyo.c          |  6 -----
 12 files changed, 34 insertions(+), 80 deletions(-)


I think this is correct set of changes that makes things better but
please look things over/review this code if you have any expertise in
anything I am touching.

Thank you,

More information about the Linux-security-module-archive mailing list