Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1751682AbdHAAXe (ORCPT <rfc822;w@1wt.eu>);
        Mon, 31 Jul 2017 20:23:34 -0400
Received: from mail-io0-f176.google.com ([209.85.223.176]:35677 "EHLO
        mail-io0-f176.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1751648AbdHAAXc (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 31 Jul 2017 20:23:32 -0400
MIME-Version: 1.0
In-Reply-To: <1501545093-56634-4-git-send-email-keescook@chromium.org>
References: <1501545093-56634-1-git-send-email-keescook@chromium.org> <1501545093-56634-4-git-send-email-keescook@chromium.org>
From: Kees Cook <keescook@chromium.org>
Date: Mon, 31 Jul 2017 17:23:31 -0700
X-Google-Sender-Auth: Ytp5_EOfMCEOMCdSzIkHwOtn2TU
Message-ID: <CAGXu5j+Ubbp6guLUUDF7PuF7chbj5V1M=VjkjYfif=hW9bst9w@mail.gmail.com>
Subject: Re: [PATCH v4 03/15] binfmt: Introduce secureexec flag
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>, David Howells <dhowells@redhat.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        John Johansen <john.johansen@canonical.com>,
        "Serge E. Hallyn" <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        James Morris <james.l.morris@oracle.com>,
        Andy Lutomirski <luto@kernel.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>,
        linux-security-module <linux-security-module@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 1028
Lines: 27

On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <keescook@chromium.org> wrote:
> diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
> index 3cd98e8bc9dc..6cfd36a27d4e 100644
> --- a/include/linux/binfmts.h
> +++ b/include/linux/binfmts.h
> @@ -34,6 +34,12 @@ struct linux_binprm {
>                 cap_effective:1;/* true if has elevated effective capabilities,
>                                  * false if not; except for init which inherits
>                                  * its parent's caps anyway */
> +               /*
> +                * Set by bprm_set_creds hook to indicate a privilege-gaining
> +                * exec has happened. Used to sanitize execution environment
> +                * and to set AT_SECURE auxv for glibc.
> +                */
> +               secureexec:1;
>  #ifdef __alpha__
>         unsigned int taso:1;
>  #endif

Grrr. git rebase messed me up. (; vs , in variable list.) I will send
a v5 and double-check the per-patch builds. Bleh.

-Kees

-- 
Kees Cook
Pixel Security