Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1752117AbdHANrE (ORCPT <rfc822;w@1wt.eu>);
        Tue, 1 Aug 2017 09:47:04 -0400
Received: from mail.kernel.org ([198.145.29.99]:57488 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1752097AbdHANrB (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 1 Aug 2017 09:47:01 -0400
DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 8939E22CA1
Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org
Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=luto@kernel.org
MIME-Version: 1.0
In-Reply-To: <1501545093-56634-9-git-send-email-keescook@chromium.org>
References: <1501545093-56634-1-git-send-email-keescook@chromium.org> <1501545093-56634-9-git-send-email-keescook@chromium.org>
From: Andy Lutomirski <luto@kernel.org>
Date: Tue, 1 Aug 2017 06:46:38 -0700
X-Gmail-Original-Message-ID: <CALCETrU-KEhF-OaHGVOu64TNeemP1pT1Y1Deba9TSGOzfOfu3w@mail.gmail.com>
Message-ID: <CALCETrU-KEhF-OaHGVOu64TNeemP1pT1Y1Deba9TSGOzfOfu3w@mail.gmail.com>
Subject: Re: [PATCH v4 08/15] commoncap: Move cap_elevated calculation into bprm_set_creds
To: Kees Cook <keescook@chromium.org>
Cc: Andrew Morton <akpm@linux-foundation.org>,
        Andy Lutomirski <luto@kernel.org>, David Howells <dhowells@redhat.com>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        John Johansen <john.johansen@canonical.com>,
        "Serge E. Hallyn" <serge@hallyn.com>, Paul Moore <paul@paul-moore.com>,
        Stephen Smalley <sds@tycho.nsa.gov>,
        Casey Schaufler <casey@schaufler-ca.com>,
        Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
        James Morris <james.l.morris@oracle.com>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Linux FS Devel <linux-fsdevel@vger.kernel.org>,
        LSM List <linux-security-module@vger.kernel.org>,
        "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org
Content-Length: 852
Lines: 21

On Mon, Jul 31, 2017 at 4:51 PM, Kees Cook <keescook@chromium.org> wrote:
> Instead of a separate function, open-code the cap_elevated test, which
> lets us entirely remove bprm->cap_effective (to use the local "effective"
> variable instead), and more accurately examine euid/egid changes via the
> existing local "is_setid".
>
> The following LTP tests were run to validate the changes:
>
>         # ./runltp -f syscalls -s cap
>         # ./runltp -f securebits
>         # ./runltp -f cap_bounds
>         # ./runltp -f filecaps
>
> All kernel selftests for capabilities and exec continue to pass as well.
>
> Cc: Andy Lutomirski <luto@kernel.org>
> Signed-off-by: Kees Cook <keescook@chromium.org>
> Reviewed-by: James Morris <james.l.morris@oracle.com>
> Acked-by: Serge Hallyn <serge@hallyn.com>

Reviewed-by: Andy Lutomirski <luto@kernel.org>