From: Andy Lutomirski
Date: Tue, 18 Jul 2017 18:06:03 -0700
Subject: Re: [PATCH v3 02/15] exec: Rename bprm->cred_prepared to called_set_creds
To: Kees Cook
Cc: Andrew Morton, David Howells, John Johansen, Paul Moore, Stephen Smalley, Casey Schaufler, James Morris, "Eric W. Biederman", "Serge E. Hallyn", Tetsuo Handa, Andy Lutomirski, Linus Torvalds, Linux FS Devel, LSM List, "linux-kernel@vger.kernel.org"

On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote:
> The cred_prepared bprm flag has a misleading name. It has nothing to do
> with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has
> been called. Rename this flag and improve its comment.
>
> Cc: David Howells
> Cc: John Johansen
> Cc: Paul Moore
> Cc: Stephen Smalley
> Cc: Casey Schaufler
> Cc: James Morris
> Signed-off-by: Kees Cook
> ---
> fs/binfmt_flat.c | 2 +-
> fs/exec.c | 2 +-
> include/linux/binfmts.h | 8 ++++++--
> security/apparmor/domain.c | 2 +-
> security/selinux/hooks.c | 2 +-
> security/smack/smack_lsm.c | 2 +-
> security/tomoyo/tomoyo.c | 2 +-
> 7 files changed, 12 insertions(+), 8 deletions(-)
>
> diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c > index 2edcefc0a294..a722530cc468 100644 > --- a/fs/binfmt_flat.c > +++ b/fs/binfmt_flat.c > @@ -885,7 +885,7 @@ static int load_flat_shared_library(int id, struct lib_info *libs) > * as we're past the point of no return and are dealing with shared > * libraries. > */ > - bprm.cred_prepared = 1; > + bprm.called_set_creds = 1;

WTF is this? It's not, strictly speaking, a bug in this patch, but it's nonsensical. Is it fixed (presumably deleted) later?

Otherwise looks good.
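Review bot: In load_flat_shared_library(), the renamed store `bprm.called_set_creds = 1;` now states by name that bprm_set_creds has been called, but the visible context shows only a bare assignment, and the comment above it ("we're past the point of no return and are dealing with shared libraries") does not say why the flag is forced on for this bprm. Since the commit message says the flag tracks whether bprm_set_creds has been called, either extend that comment to explain why marking it as called is correct here, or remove the assignment in a follow-up patch if nothing reads the flag on this path.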