Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

On Wed, May 20, 2020 at 03:22:38PM -0500, Eric W. Biederman wrote: > Kees Cook writes: > > > On Tue, May 19, 2020 at 02:03:23PM -0500, Eric W. Biederman wrote: > >> Kees Cook writes: > >> > >> > On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote: > >> >> [...] > >> >> diff --git

Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

Kees Cook writes: > On Tue, May 19, 2020 at 02:03:23PM -0500, Eric W. Biederman wrote: >> Kees Cook writes: >> >> > On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote: >> >> [...] >> >> diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h >> >> index d1217fcdedea..8605a

Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

James Morris writes: > On Mon, 18 May 2020, Eric W. Biederman wrote: > >> diff --git a/fs/exec.c b/fs/exec.c >> index 9e70da47f8d9..8e3b93d51d31 100644 >> --- a/fs/exec.c >> +++ b/fs/exec.c >> @@ -1366,7 +1366,7 @@ int begin_new_exec(struct linux_binprm * bprm) >> * the final state of setui

Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

On Mon, 18 May 2020, Eric W. Biederman wrote: > diff --git a/fs/exec.c b/fs/exec.c > index 9e70da47f8d9..8e3b93d51d31 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1366,7 +1366,7 @@ int begin_new_exec(struct linux_binprm * bprm) >* the final state of setuid/setgid/fscaps can be merged i

Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

On Tue, May 19, 2020 at 02:03:23PM -0500, Eric W. Biederman wrote: > Kees Cook writes: > > > On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote: > >> [...] > >> diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h > >> index d1217fcdedea..8605ab4a0f89 100644 > >> --- a/in

Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

Kees Cook writes: > On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote: >> >> Rename bprm->cap_elevated to bprm->active_secureexec and initialize it >> in prepare_binprm instead of in cap_bprm_set_creds. Initializing >> bprm->active_secureexec in prepare_binprm allows multiple >>

Re: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

On Mon, May 18, 2020 at 07:31:14PM -0500, Eric W. Biederman wrote: > > Rename bprm->cap_elevated to bprm->active_secureexec and initialize it > in prepare_binprm instead of in cap_bprm_set_creds. Initializing > bprm->active_secureexec in prepare_binprm allows multiple > implementations of securit

[PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds

Rename bprm->cap_elevated to bprm->active_secureexec and initialize it in prepare_binprm instead of in cap_bprm_set_creds. Initializing bprm->active_secureexec in prepare_binprm allows multiple implementations of security_bprm_repopulate_creds to play nicely with each other. Rename security_bpr