Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752041AbdGSEkK (ORCPT ); Wed, 19 Jul 2017 00:40:10 -0400 Received: from mail-io0-f171.google.com ([209.85.223.171]:35355 "EHLO mail-io0-f171.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751825AbdGSEkF (ORCPT ); Wed, 19 Jul 2017 00:40:05 -0400 MIME-Version: 1.0 In-Reply-To: References: <1500416736-49829-1-git-send-email-keescook@chromium.org> <1500416736-49829-3-git-send-email-keescook@chromium.org> From: Kees Cook Date: Tue, 18 Jul 2017 21:40:03 -0700 X-Google-Sender-Auth: bJ3mkfFms3OrYiw85zGSj_2FsoA Message-ID: Subject: Re: [PATCH v3 02/15] exec: Rename bprm->cred_prepared to called_set_creds To: Andy Lutomirski Cc: Andrew Morton , David Howells , John Johansen , Paul Moore , Stephen Smalley , Casey Schaufler , James Morris , "Eric W. Biederman" , "Serge E. Hallyn" , Tetsuo Handa , Linus Torvalds , Linux FS Devel , LSM List , "linux-kernel@vger.kernel.org" Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1730 Lines: 48 On Tue, Jul 18, 2017 at 6:06 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >> The cred_prepared bprm flag has a misleading name. It has nothing to do >> with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has >> been called. Rename this flag and improve its comment. >> >> Cc: David Howells >> Cc: John Johansen >> Cc: Paul Moore >> Cc: Stephen Smalley >> Cc: Casey Schaufler >> Cc: James Morris >> Signed-off-by: Kees Cook >> --- >> fs/binfmt_flat.c | 2 +- >> fs/exec.c | 2 +- >> include/linux/binfmts.h | 8 ++++++-- >> security/apparmor/domain.c | 2 +- >> security/selinux/hooks.c | 2 +- >> security/smack/smack_lsm.c | 2 +- >> security/tomoyo/tomoyo.c | 2 +- >> 7 files changed, 12 insertions(+), 8 deletions(-) >> >> diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c >> index 2edcefc0a294..a722530cc468 100644 >> --- a/fs/binfmt_flat.c >> +++ b/fs/binfmt_flat.c >> @@ -885,7 +885,7 @@ static int load_flat_shared_library(int id, struct lib_info *libs) >> * as we're past the point of no return and are dealing with shared >> * libraries. >> */ >> - bprm.cred_prepared = 1; >> + bprm.called_set_creds = 1; > > WTF is this? It's not, strictly speaking, a bug in this patch, but > it's nonsensical. Is it fixed (presuably deleted) later? binfmt_flat looks crazy, but I haven't seen any distros that enable it. > Otherwise looks good. Thanks! -Kees -- Kees Cook Pixel Security