diff options
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 15 |
1 files changed, 10 insertions, 5 deletions
| @@ -1139,7 +1139,7 @@ void setup_new_exec(struct linux_binprm * bprm) | |||
| 1139 | /* This is the point of no return */ | 1139 | /* This is the point of no return */ |
| 1140 | current->sas_ss_sp = current->sas_ss_size = 0; | 1140 | current->sas_ss_sp = current->sas_ss_size = 0; |
| 1141 | 1141 | ||
| 1142 | if (current_euid() == current_uid() && current_egid() == current_gid()) | 1142 | if (uid_eq(current_euid(), current_uid()) && gid_eq(current_egid(), current_gid())) |
| 1143 | set_dumpable(current->mm, 1); | 1143 | set_dumpable(current->mm, 1); |
| 1144 | else | 1144 | else |
| 1145 | set_dumpable(current->mm, suid_dumpable); | 1145 | set_dumpable(current->mm, suid_dumpable); |
| @@ -1153,8 +1153,8 @@ void setup_new_exec(struct linux_binprm * bprm) | |||
| 1153 | current->mm->task_size = TASK_SIZE; | 1153 | current->mm->task_size = TASK_SIZE; |
| 1154 | 1154 | ||
| 1155 | /* install the new credentials */ | 1155 | /* install the new credentials */ |
| 1156 | if (bprm->cred->uid != current_euid() || | 1156 | if (!uid_eq(bprm->cred->uid, current_euid()) || |
| 1157 | bprm->cred->gid != current_egid()) { | 1157 | !gid_eq(bprm->cred->gid, current_egid())) { |
| 1158 | current->pdeath_signal = 0; | 1158 | current->pdeath_signal = 0; |
| 1159 | } else { | 1159 | } else { |
| 1160 | would_dump(bprm, bprm->file); | 1160 | would_dump(bprm, bprm->file); |
| @@ -1299,8 +1299,11 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
| 1299 | !current->no_new_privs) { | 1299 | !current->no_new_privs) { |
| 1300 | /* Set-uid? */ | 1300 | /* Set-uid? */ |
| 1301 | if (mode & S_ISUID) { | 1301 | if (mode & S_ISUID) { |
| 1302 | if (!kuid_has_mapping(bprm->cred->user_ns, inode->i_uid)) | ||
| 1303 | return -EPERM; | ||
| 1302 | bprm->per_clear |= PER_CLEAR_ON_SETID; | 1304 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
| 1303 | bprm->cred->euid = inode->i_uid; | 1305 | bprm->cred->euid = inode->i_uid; |
| 1306 | |||
| 1304 | } | 1307 | } |
| 1305 | 1308 | ||
| 1306 | /* Set-gid? */ | 1309 | /* Set-gid? */ |
| @@ -1310,6 +1313,8 @@ int prepare_binprm(struct linux_binprm *bprm) | |||
| 1310 | * executable. | 1313 | * executable. |
| 1311 | */ | 1314 | */ |
| 1312 | if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { | 1315 | if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { |
| 1316 | if (!kgid_has_mapping(bprm->cred->user_ns, inode->i_gid)) | ||
| 1317 | return -EPERM; | ||
| 1313 | bprm->per_clear |= PER_CLEAR_ON_SETID; | 1318 | bprm->per_clear |= PER_CLEAR_ON_SETID; |
| 1314 | bprm->cred->egid = inode->i_gid; | 1319 | bprm->cred->egid = inode->i_gid; |
| 1315 | } | 1320 | } |
| @@ -2142,7 +2147,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | |||
| 2142 | if (__get_dumpable(cprm.mm_flags) == 2) { | 2147 | if (__get_dumpable(cprm.mm_flags) == 2) { |
| 2143 | /* Setuid core dump mode */ | 2148 | /* Setuid core dump mode */ |
| 2144 | flag = O_EXCL; /* Stop rewrite attacks */ | 2149 | flag = O_EXCL; /* Stop rewrite attacks */ |
| 2145 | cred->fsuid = 0; /* Dump root private */ | 2150 | cred->fsuid = GLOBAL_ROOT_UID; /* Dump root private */ |
| 2146 | } | 2151 | } |
| 2147 | 2152 | ||
| 2148 | retval = coredump_wait(exit_code, &core_state); | 2153 | retval = coredump_wait(exit_code, &core_state); |
| @@ -2243,7 +2248,7 @@ void do_coredump(long signr, int exit_code, struct pt_regs *regs) | |||
| 2243 | * Dont allow local users get cute and trick others to coredump | 2248 | * Dont allow local users get cute and trick others to coredump |
| 2244 | * into their pre-created files. | 2249 | * into their pre-created files. |
| 2245 | */ | 2250 | */ |
| 2246 | if (inode->i_uid != current_fsuid()) | 2251 | if (!uid_eq(inode->i_uid, current_fsuid())) |
| 2247 | goto close_fail; | 2252 | goto close_fail; |
| 2248 | if (!cprm.file->f_op || !cprm.file->f_op->write) | 2253 | if (!cprm.file->f_op || !cprm.file->f_op->write) |
| 2249 | goto close_fail; | 2254 | goto close_fail; |