diff options
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 26 |
1 files changed, 15 insertions, 11 deletions
| @@ -110,13 +110,14 @@ SYSCALL_DEFINE1(uselib, const char __user *, library) | |||
| 110 | static const struct open_flags uselib_flags = { | 110 | static const struct open_flags uselib_flags = { |
| 111 | .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, | 111 | .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, |
| 112 | .acc_mode = MAY_READ | MAY_EXEC | MAY_OPEN, | 112 | .acc_mode = MAY_READ | MAY_EXEC | MAY_OPEN, |
| 113 | .intent = LOOKUP_OPEN | 113 | .intent = LOOKUP_OPEN, |
| 114 | .lookup_flags = LOOKUP_FOLLOW, | ||
| 114 | }; | 115 | }; |
| 115 | 116 | ||
| 116 | if (IS_ERR(tmp)) | 117 | if (IS_ERR(tmp)) |
| 117 | goto out; | 118 | goto out; |
| 118 | 119 | ||
| 119 | file = do_filp_open(AT_FDCWD, tmp, &uselib_flags, LOOKUP_FOLLOW); | 120 | file = do_filp_open(AT_FDCWD, tmp, &uselib_flags); |
| 120 | putname(tmp); | 121 | putname(tmp); |
| 121 | error = PTR_ERR(file); | 122 | error = PTR_ERR(file); |
| 122 | if (IS_ERR(file)) | 123 | if (IS_ERR(file)) |
| @@ -756,10 +757,11 @@ struct file *open_exec(const char *name) | |||
| 756 | static const struct open_flags open_exec_flags = { | 757 | static const struct open_flags open_exec_flags = { |
| 757 | .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, | 758 | .open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC, |
| 758 | .acc_mode = MAY_EXEC | MAY_OPEN, | 759 | .acc_mode = MAY_EXEC | MAY_OPEN, |
| 759 | .intent = LOOKUP_OPEN | 760 | .intent = LOOKUP_OPEN, |
| 761 | .lookup_flags = LOOKUP_FOLLOW, | ||
| 760 | }; | 762 | }; |
| 761 | 763 | ||
| 762 | file = do_filp_open(AT_FDCWD, &tmp, &open_exec_flags, LOOKUP_FOLLOW); | 764 | file = do_filp_open(AT_FDCWD, &tmp, &open_exec_flags); |
| 763 | if (IS_ERR(file)) | 765 | if (IS_ERR(file)) |
| 764 | goto out; | 766 | goto out; |
| 765 | 767 | ||
| @@ -1135,13 +1137,6 @@ void setup_new_exec(struct linux_binprm * bprm) | |||
| 1135 | set_dumpable(current->mm, suid_dumpable); | 1137 | set_dumpable(current->mm, suid_dumpable); |
| 1136 | } | 1138 | } |
| 1137 | 1139 | ||
| 1138 | /* | ||
| 1139 | * Flush performance counters when crossing a | ||
| 1140 | * security domain: | ||
| 1141 | */ | ||
| 1142 | if (!get_dumpable(current->mm)) | ||
| 1143 | perf_event_exit_task(current); | ||
| 1144 | |||
| 1145 | /* An exec changes our domain. We are no longer part of the thread | 1140 | /* An exec changes our domain. We are no longer part of the thread |
| 1146 | group */ | 1141 | group */ |
| 1147 | 1142 | ||
| @@ -1205,6 +1200,15 @@ void install_exec_creds(struct linux_binprm *bprm) | |||
| 1205 | 1200 | ||
| 1206 | commit_creds(bprm->cred); | 1201 | commit_creds(bprm->cred); |
| 1207 | bprm->cred = NULL; | 1202 | bprm->cred = NULL; |
| 1203 | |||
| 1204 | /* | ||
| 1205 | * Disable monitoring for regular users | ||
| 1206 | * when executing setuid binaries. Must | ||
| 1207 | * wait until new credentials are committed | ||
| 1208 | * by commit_creds() above | ||
| 1209 | */ | ||
| 1210 | if (get_dumpable(current->mm) != SUID_DUMP_USER) | ||
| 1211 | perf_event_exit_task(current); | ||
| 1208 | /* | 1212 | /* |
| 1209 | * cred_guard_mutex must be held at least to this point to prevent | 1213 | * cred_guard_mutex must be held at least to this point to prevent |
| 1210 | * ptrace_attach() from altering our determination of the task's | 1214 | * ptrace_attach() from altering our determination of the task's |