Organization: Red Hat UK Ltd. Registered Address: Red Hat UK Ltd, Amberley
	Place, 107-111 Peascod Street, Windsor, Berkshire, SI4 1TE, United
	Kingdom.
	Registered in England and Wales under Company Registration No. 3798903
From: David Howells <dhowells@redhat.com>
In-Reply-To: <alpine.LRH.1.10.0808210833080.8202@tundra.namei.org>
References: <alpine.LRH.1.10.0808210833080.8202@tundra.namei.org> <20080820135624.10583.99230.stgit@warthog.procyon.org.uk>
To: James Morris <jmorris@namei.org>
Cc: dhowells@redhat.com, a.beregalov@gmail.com, linux-kernel@vger.kernel.org,
       linux-security-module@vger.kernel.org
Subject: Re: [PATCH] CRED: Further fix execve error handling
Date: Thu, 21 Aug 2008 13:43:23 +0100
Message-ID: <4783.1219322603@redhat.com>
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 898
Lines: 19

James Morris <jmorris@namei.org> wrote:

> How about moving the mutex_unlock() out of free_bprm() and into the 
> calling code ?

Okay, I've sent you a patch to do this.  Note that it only affects the error
handling case.  In the case of a successful execution, install_exec_creds()
will release the mutex when it is safe to do so.  This then permits
PTRACE_ATTACH to take place from that point.  I could shift the unlock so that
it always happens in [compat_]do_execve() - do you think it's worth it?  It
would mean that ptrace wouldn't be able to attach to a process that's still
under construction by the binfmt, which is probably reasonable.

David
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/