diff options
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 28 |
1 files changed, 22 insertions, 6 deletions
@@ -1057,16 +1057,32 @@ EXPORT_SYMBOL(install_exec_creds); | |||
1057 | * - the caller must hold current->cred_exec_mutex to protect against | 1057 | * - the caller must hold current->cred_exec_mutex to protect against |
1058 | * PTRACE_ATTACH | 1058 | * PTRACE_ATTACH |
1059 | */ | 1059 | */ |
1060 | void check_unsafe_exec(struct linux_binprm *bprm) | 1060 | void check_unsafe_exec(struct linux_binprm *bprm, struct files_struct *files) |
1061 | { | 1061 | { |
1062 | struct task_struct *p = current; | 1062 | struct task_struct *p = current, *t; |
1063 | unsigned long flags; | ||
1064 | unsigned n_fs, n_files, n_sighand; | ||
1063 | 1065 | ||
1064 | bprm->unsafe = tracehook_unsafe_exec(p); | 1066 | bprm->unsafe = tracehook_unsafe_exec(p); |
1065 | 1067 | ||
1066 | if (atomic_read(&p->fs->count) > 1 || | 1068 | n_fs = 1; |
1067 | atomic_read(&p->files->count) > 1 || | 1069 | n_files = 1; |
1068 | atomic_read(&p->sighand->count) > 1) | 1070 | n_sighand = 1; |
1071 | lock_task_sighand(p, &flags); | ||
1072 | for (t = next_thread(p); t != p; t = next_thread(t)) { | ||
1073 | if (t->fs == p->fs) | ||
1074 | n_fs++; | ||
1075 | if (t->files == files) | ||
1076 | n_files++; | ||
1077 | n_sighand++; | ||
1078 | } | ||
1079 | |||
1080 | if (atomic_read(&p->fs->count) > n_fs || | ||
1081 | atomic_read(&p->files->count) > n_files || | ||
1082 | atomic_read(&p->sighand->count) > n_sighand) | ||
1069 | bprm->unsafe |= LSM_UNSAFE_SHARE; | 1083 | bprm->unsafe |= LSM_UNSAFE_SHARE; |
1084 | |||
1085 | unlock_task_sighand(p, &flags); | ||
1070 | } | 1086 | } |
1071 | 1087 | ||
1072 | /* | 1088 | /* |
@@ -1281,7 +1297,7 @@ int do_execve(char * filename, | |||
1281 | bprm->cred = prepare_exec_creds(); | 1297 | bprm->cred = prepare_exec_creds(); |
1282 | if (!bprm->cred) | 1298 | if (!bprm->cred) |
1283 | goto out_unlock; | 1299 | goto out_unlock; |
1284 | check_unsafe_exec(bprm); | 1300 | check_unsafe_exec(bprm, displaced); |
1285 | 1301 | ||
1286 | file = open_exec(filename); | 1302 | file = open_exec(filename); |
1287 | retval = PTR_ERR(file); | 1303 | retval = PTR_ERR(file); |