Re: [PATCH 1/7] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf

From: Kees Cook
Date: Tue May 05 2020 - 16:45:24 EST

Next message: Kees Cook: "Re: [PATCH 2/7] exec: Make unlocking exec_update_mutex explict"
Previous message: Christoph Hellwig: "Re: remove set_fs calls from the coredump code v6"
In reply to: Eric W. Biederman: "[PATCH 1/7] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf"
Next in thread: Greg Ungerer: "Re: [PATCH 1/7] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 05, 2020 at 02:41:01PM -0500, Eric W. Biederman wrote:
>
> In 2016 Linus moved install_exec_creds immediately after
> setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
> potential information leak.
>
> Perform the same cleanup for the other binary formats.
>
> Different binary formats doing the same things the same way makes exec
> easier to reason about and easier to maintain.
>
> The binfmt_flagt bits were tested by Greg Ungerer <gerg@xxxxxxxxxxxxxx>
>
> Ref: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

--
Kees Cook

Next message: Kees Cook: "Re: [PATCH 2/7] exec: Make unlocking exec_update_mutex explict"
Previous message: Christoph Hellwig: "Re: remove set_fs calls from the coredump code v6"
In reply to: Eric W. Biederman: "[PATCH 1/7] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf"
Next in thread: Greg Ungerer: "Re: [PATCH 1/7] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]