[PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file

Linus Torvalds torvalds at linux-foundation.org
Sat May 9 20:19:38 UTC 2020


On Sat, May 9, 2020 at 1:15 PM Eric W. Biederman <ebiederm at xmission.com> wrote:
>
> I agree something needs to be renamed, to remove confusion.

Yeah, the alternative is to rename the capability version. I don't
care much which way it goes, although I do think it's best to call out
explicitly that the security hook functions get only the "primary"
executable bprm info.

Which is why I'd prefer to just rename all those low-level security
cases. It makes for a slightly bigger patch, but I think it makes for
better readability, and makes it explicit that that hook is literally
just for the primary executable, not for the interpreter or whatever.

               Linus


