[PATCH 09/11] exec: In bprm_fill_uid only set per_clear when honoring suid or sgid
Eric W. Biederman
ebiederm at xmission.com
Thu May 28 19:21:57 UTC 2020
Linus Torvalds <torvalds at linux-foundation.org> writes:
> On Thu, May 28, 2020 at 8:53 AM Eric W. Biederman <ebiederm at xmission.com> wrote:
>> It makes no sense to set active_per_clear when the kernel decides not
>> to honor the executables setuid or or setgid bits. Instead set
>> active_per_clear when the kernel actually decides to honor the suid or
>> sgid permission bits of an executable.
> You seem to be confused about the naming yourself.
> You talk about "active_per_clear", but the code is about "per_clear". WTF?
I figured out how to kill active_per_clear see (3/11) and I failed to
update the patch description here.
I think active_ is a louzy suffix but since it all goes away in patch 3
when I remove the recomputation and the need to have two versions of the
setting I think it is probably good enough.
More information about the Linux-security-module-archive