Message ID | 1501545093-56634-4-git-send-email-keescook@chromium.org (mailing list archive) |
---|---|
State | New, archived |
Headers | show |
On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <keescook@chromium.org> wrote: > diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h > index 3cd98e8bc9dc..6cfd36a27d4e 100644 > --- a/include/linux/binfmts.h > +++ b/include/linux/binfmts.h > @@ -34,6 +34,12 @@ struct linux_binprm { > cap_effective:1;/* true if has elevated effective capabilities, > * false if not; except for init which inherits > * its parent's caps anyway */ > + /* > + * Set by bprm_set_creds hook to indicate a privilege-gaining > + * exec has happened. Used to sanitize execution environment > + * and to set AT_SECURE auxv for glibc. > + */ > + secureexec:1; > #ifdef __alpha__ > unsigned int taso:1; > #endif Grrr. git rebase messed me up. (; vs , in variable list.) I will send a v5 and double-check the per-patch builds. Bleh. -Kees
On Mon, 31 Jul 2017, Kees Cook wrote: > Cc: David Howells <dhowells@redhat.com> > Signed-off-by: Kees Cook <keescook@chromium.org> > Reviewed-by: John Johansen <john.johansen@canonical.com> > Acked-by: Serge Hallyn <serge@hallyn.com> > --- > fs/binfmt_elf.c | 2 +- > fs/binfmt_elf_fdpic.c | 2 +- > fs/exec.c | 2 ++ > include/linux/binfmts.h | 6 ++++++ > 4 files changed, 10 insertions(+), 2 deletions(-) > Reviewed-by: James Morris <james.l.morris@oracle.com>
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c index 5075fd5c62c8..7f6ec4dac13d 100644 --- a/fs/binfmt_elf.c +++ b/fs/binfmt_elf.c @@ -254,7 +254,7 @@ create_elf_tables(struct linux_binprm *bprm, struct elfhdr *exec, NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid)); NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid)); NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid)); - NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); + NEW_AUX_ENT(AT_SECURE, bprm->secureexec); NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes); #ifdef ELF_HWCAP2 NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2); diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index cf93a4fad012..5aa9199dfb13 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -650,7 +650,7 @@ static int create_elf_fdpic_tables(struct linux_binprm *bprm, NEW_AUX_ENT(AT_EUID, (elf_addr_t) from_kuid_munged(cred->user_ns, cred->euid)); NEW_AUX_ENT(AT_GID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->gid)); NEW_AUX_ENT(AT_EGID, (elf_addr_t) from_kgid_munged(cred->user_ns, cred->egid)); - NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm)); + NEW_AUX_ENT(AT_SECURE, bprm->secureexec); NEW_AUX_ENT(AT_EXECFN, bprm->exec); #ifdef ARCH_DLINFO diff --git a/fs/exec.c b/fs/exec.c index 90bd5b85814f..77244367c773 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -1322,6 +1322,8 @@ EXPORT_SYMBOL(would_dump); void setup_new_exec(struct linux_binprm * bprm) { + bprm->secureexec |= security_bprm_secureexec(bprm); + arch_pick_mmap_layout(current->mm); current->sas_ss_sp = current->sas_ss_size = 0; diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h index 3cd98e8bc9dc..6cfd36a27d4e 100644 --- a/include/linux/binfmts.h +++ b/include/linux/binfmts.h @@ -34,6 +34,12 @@ struct linux_binprm { cap_effective:1;/* true if has elevated effective capabilities, * false if not; except for init which inherits * its parent's caps anyway */ + /* + * Set by bprm_set_creds hook to indicate a privilege-gaining + * exec has happened. Used to sanitize execution environment + * and to set AT_SECURE auxv for glibc. + */ + secureexec:1; #ifdef __alpha__ unsigned int taso:1; #endif