[RFC][PATCH] exec: Move cred computation under exec_update_lock
Oleg Nesterov
oleg at redhat.com
Sun Nov 23 18:52:20 UTC 2025
Eric,
sorry for delay, I am on PTO, didn't read emails this week...
On 11/20, Eric W. Biederman wrote:
>
> Instead of computing the new cred before we pass the point of no
> return compute the new cred just before we use it.
>
> This allows the removal of fs_struct->in_exec and cred_guard_mutex.
>
> I am not certain why we wanted to compute the cred for the new
> executable so early. Perhaps I missed something but I did not see any
> common errors being signaled. So I don't think we loose anything by
> computing the new cred later.
>
> We gain a lot.
Yes. I LIKE your approach after a quick glance. And I swear, I thought about
it too ;)
But is it correct? I don't know. I'll try to actually read your patch next
week (I am on PTO untill the end of November), but I am not sure I can
provide a valuable feedback.
One "obvious" problem is that, after this patch, the execing process can crash
in a case when currently exec() returns an error...
Oleg.
More information about the Linux-security-module-archive
mailing list