[PATCH 0/5] exec: Control flow simplifications
Eric W. Biederman
ebiederm at xmission.com
Sat May 9 19:40:17 UTC 2020
It is hard to follow the control flow in exec.c as the code has evolved
over time and something that used to work one way now works another.
This set of changes attempts to address the worst of that, to remove
unnecessary work and to make the code a little easier to follow.
The one rough point in my changes is cap_bprm_set_creds propbably
needs a new name as I have taken it out of security_bprm_set_creds
but my imagination failed to come up with anything better.
Eric W. Biederman (5):
exec: Call cap_bprm_set_creds directly from prepare_binprm
exec: Directly call security_bprm_set_creds from __do_execve_file
exec: Remove recursion from search_binary_handler
exec: Allow load_misc_binary to call prepare_binfmt unconditionally
exec: Move the call of prepare_binprm into search_binary_handler
arch/alpha/kernel/binfmt_loader.c | 5 +----
fs/binfmt_em86.c | 7 +-----
fs/binfmt_misc.c | 22 +++---------------
fs/binfmt_script.c | 5 +----
fs/exec.c | 47 +++++++++++++++++++++------------------
include/linux/binfmts.h | 11 ++-------
include/linux/security.h | 2 +-
security/apparmor/domain.c | 3 ---
security/commoncap.c | 1 -
security/selinux/hooks.c | 2 --
security/smack/smack_lsm.c | 3 ---
security/tomoyo/tomoyo.c | 6 -----
12 files changed, 34 insertions(+), 80 deletions(-)
---
I think this is correct set of changes that makes things better but
please look things over/review this code if you have any expertise in
anything I am touching.
Thank you,
Eric
More information about the Linux-security-module-archive
mailing list