From: Linus Torvalds
Date: Thu, 28 May 2020 12:08:02 -0700
Subject: Re: [PATCH 09/11] exec: In bprm_fill_uid only set per_clear when honoring suid or sgid
To: "Eric W. Biederman"
Cc: Linux Kernel Mailing List, Oleg Nesterov, Jann Horn, Kees Cook, Greg Ungerer, Rob Landley, Bernd Edlinger, linux-fsdevel, Al Viro, Alexey Dobriyan, Andrew Morton, Casey Schaufler, LSM List, James Morris, "Serge E. Hallyn", Andy Lutomirski

On Thu, May 28, 2020 at 8:53 AM Eric W. Biederman wrote:
>
> It makes no sense to set active_per_clear when the kernel decides not
> to honor the executable's setuid or setgid bits.  Instead set
> active_per_clear when the kernel actually decides to honor the suid or
> sgid permission bits of an executable.

You seem to be confused about the naming yourself.

You talk about "active_per_clear", but the code is about "per_clear". WTF?

Linus