diff options
| author | Al Viro <viro@zeniv.linux.org.uk> | 2011-06-19 12:49:47 -0400 |
|---|---|---|
| committer | Al Viro <viro@zeniv.linux.org.uk> | 2011-07-20 01:43:10 -0400 |
| commit | 1b5d783c94c328d406e801566f161adcfb018dda (patch) | |
| tree | e7d27b987e0670099af28db0d6bfcdac33236046 | |
| parent | 78f32a9b479e9b9f1ce2bf620a7602c1cdbc4c8e (diff) | |
consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
new helper: would_dump(bprm, file). Checks if we are allowed to
read the file and if we are not - sets ENFORCE_NODUMP. Exported,
used in places that previously open-coded the same logics.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
| -rw-r--r-- | fs/binfmt_elf.c | 3 | ||||
| -rw-r--r-- | fs/binfmt_elf_fdpic.c | 3 | ||||
| -rw-r--r-- | fs/binfmt_misc.c | 3 | ||||
| -rw-r--r-- | fs/exec.c | 14 | ||||
| -rw-r--r-- | include/linux/binfmts.h | 1 |
5 files changed, 15 insertions, 9 deletions
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 303983fabfd6..dd0fdfc56d38 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c | |||
| @@ -668,8 +668,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) | |||
| 668 | * mm->dumpable = 0 regardless of the interpreter's | 668 | * mm->dumpable = 0 regardless of the interpreter's |
| 669 | * permissions. | 669 | * permissions. |
| 670 | */ | 670 | */ |
| 671 | if (file_permission(interpreter, MAY_READ) < 0) | 671 | would_dump(bprm, interpreter); |
| 672 | bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; | ||
| 673 | 672 | ||
| 674 | retval = kernel_read(interpreter, 0, bprm->buf, | 673 | retval = kernel_read(interpreter, 0, bprm->buf, |
| 675 | BINPRM_BUF_SIZE); | 674 | BINPRM_BUF_SIZE); |
diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 2bc5dc644b4c..30745f459faf 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c | |||
| @@ -245,8 +245,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm, | |||
| 245 | * mm->dumpable = 0 regardless of the interpreter's | 245 | * mm->dumpable = 0 regardless of the interpreter's |
| 246 | * permissions. | 246 | * permissions. |
| 247 | */ | 247 | */ |
| 248 | if (file_permission(interpreter, MAY_READ) < 0) | 248 | would_dump(bprm, interpreter); |
| 249 | bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; | ||
| 250 | 249 | ||
| 251 | retval = kernel_read(interpreter, 0, bprm->buf, | 250 | retval = kernel_read(interpreter, 0, bprm->buf, |
| 252 | BINPRM_BUF_SIZE); | 251 | BINPRM_BUF_SIZE); |
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c index 1befe2ec8186..ba1a1ae4a18a 100644 --- a/fs/binfmt_misc.c +++ b/fs/binfmt_misc.c | |||
| @@ -149,8 +149,7 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs) | |||
| 149 | 149 | ||
| 150 | /* if the binary is not readable than enforce mm->dumpable=0 | 150 | /* if the binary is not readable than enforce mm->dumpable=0 |
| 151 | regardless of the interpreter's permissions */ | 151 | regardless of the interpreter's permissions */ |
| 152 | if (file_permission(bprm->file, MAY_READ)) | 152 | would_dump(bprm, bprm->file); |
| 153 | bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; | ||
| 154 | 153 | ||
| 155 | allow_write_access(bprm->file); | 154 | allow_write_access(bprm->file); |
| 156 | bprm->file = NULL; | 155 | bprm->file = NULL; |
| @@ -1105,6 +1105,13 @@ out: | |||
| 1105 | } | 1105 | } |
| 1106 | EXPORT_SYMBOL(flush_old_exec); | 1106 | EXPORT_SYMBOL(flush_old_exec); |
| 1107 | 1107 | ||
| 1108 | void would_dump(struct linux_binprm *bprm, struct file *file) | ||
| 1109 | { | ||
| 1110 | if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0) | ||
| 1111 | bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP; | ||
| 1112 | } | ||
| 1113 | EXPORT_SYMBOL(would_dump); | ||
| 1114 | |||
| 1108 | void setup_new_exec(struct linux_binprm * bprm) | 1115 | void setup_new_exec(struct linux_binprm * bprm) |
| 1109 | { | 1116 | { |
| 1110 | int i, ch; | 1117 | int i, ch; |
| @@ -1144,9 +1151,10 @@ void setup_new_exec(struct linux_binprm * bprm) | |||
| 1144 | if (bprm->cred->uid != current_euid() || | 1151 | if (bprm->cred->uid != current_euid() || |
| 1145 | bprm->cred->gid != current_egid()) { | 1152 | bprm->cred->gid != current_egid()) { |
| 1146 | current->pdeath_signal = 0; | 1153 | current->pdeath_signal = 0; |
| 1147 | } else if (file_permission(bprm->file, MAY_READ) || | 1154 | } else { |
| 1148 | bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) { | 1155 | would_dump(bprm, bprm->file); |
| 1149 | set_dumpable(current->mm, suid_dumpable); | 1156 | if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) |
| 1157 | set_dumpable(current->mm, suid_dumpable); | ||
| 1150 | } | 1158 | } |
| 1151 | 1159 | ||
| 1152 | /* | 1160 | /* |
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 8845613fd7e3..fd88a3945aa1 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h | |||
| @@ -111,6 +111,7 @@ extern int __must_check remove_arg_zero(struct linux_binprm *); | |||
| 111 | extern int search_binary_handler(struct linux_binprm *, struct pt_regs *); | 111 | extern int search_binary_handler(struct linux_binprm *, struct pt_regs *); |
| 112 | extern int flush_old_exec(struct linux_binprm * bprm); | 112 | extern int flush_old_exec(struct linux_binprm * bprm); |
| 113 | extern void setup_new_exec(struct linux_binprm * bprm); | 113 | extern void setup_new_exec(struct linux_binprm * bprm); |
| 114 | extern void would_dump(struct linux_binprm *, struct file *); | ||
| 114 | 115 | ||
| 115 | extern int suid_dumpable; | 116 | extern int suid_dumpable; |
| 116 | #define SUID_DUMP_DISABLE 0 /* No setuid dumping */ | 117 | #define SUID_DUMP_DISABLE 0 /* No setuid dumping */ |