Commit 1b5d783c authored by Al Viro's avatar Al Viro

consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling

new helper: would_dump(bprm, file).  Checks if we are allowed to
read the file and if we are not - sets ENFORCE_NODUMP.  Exported,
used in places that previously open-coded the same logics.
Signed-off-by: default avatarAl Viro <viro@zeniv.linux.org.uk>
parent 78f32a9b
...@@ -668,8 +668,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs) ...@@ -668,8 +668,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
* mm->dumpable = 0 regardless of the interpreter's * mm->dumpable = 0 regardless of the interpreter's
* permissions. * permissions.
*/ */
if (file_permission(interpreter, MAY_READ) < 0) would_dump(bprm, interpreter);
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
retval = kernel_read(interpreter, 0, bprm->buf, retval = kernel_read(interpreter, 0, bprm->buf,
BINPRM_BUF_SIZE); BINPRM_BUF_SIZE);
......
...@@ -245,8 +245,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm, ...@@ -245,8 +245,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
* mm->dumpable = 0 regardless of the interpreter's * mm->dumpable = 0 regardless of the interpreter's
* permissions. * permissions.
*/ */
if (file_permission(interpreter, MAY_READ) < 0) would_dump(bprm, interpreter);
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
retval = kernel_read(interpreter, 0, bprm->buf, retval = kernel_read(interpreter, 0, bprm->buf,
BINPRM_BUF_SIZE); BINPRM_BUF_SIZE);
......
...@@ -149,8 +149,7 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs) ...@@ -149,8 +149,7 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs)
/* if the binary is not readable than enforce mm->dumpable=0 /* if the binary is not readable than enforce mm->dumpable=0
regardless of the interpreter's permissions */ regardless of the interpreter's permissions */
if (file_permission(bprm->file, MAY_READ)) would_dump(bprm, bprm->file);
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
allow_write_access(bprm->file); allow_write_access(bprm->file);
bprm->file = NULL; bprm->file = NULL;
......
...@@ -1105,6 +1105,13 @@ int flush_old_exec(struct linux_binprm * bprm) ...@@ -1105,6 +1105,13 @@ int flush_old_exec(struct linux_binprm * bprm)
} }
EXPORT_SYMBOL(flush_old_exec); EXPORT_SYMBOL(flush_old_exec);
void would_dump(struct linux_binprm *bprm, struct file *file)
{
if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
}
EXPORT_SYMBOL(would_dump);
void setup_new_exec(struct linux_binprm * bprm) void setup_new_exec(struct linux_binprm * bprm)
{ {
int i, ch; int i, ch;
...@@ -1144,9 +1151,10 @@ void setup_new_exec(struct linux_binprm * bprm) ...@@ -1144,9 +1151,10 @@ void setup_new_exec(struct linux_binprm * bprm)
if (bprm->cred->uid != current_euid() || if (bprm->cred->uid != current_euid() ||
bprm->cred->gid != current_egid()) { bprm->cred->gid != current_egid()) {
current->pdeath_signal = 0; current->pdeath_signal = 0;
} else if (file_permission(bprm->file, MAY_READ) || } else {
bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) { would_dump(bprm, bprm->file);
set_dumpable(current->mm, suid_dumpable); if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
set_dumpable(current->mm, suid_dumpable);
} }
/* /*
......
...@@ -111,6 +111,7 @@ extern int __must_check remove_arg_zero(struct linux_binprm *); ...@@ -111,6 +111,7 @@ extern int __must_check remove_arg_zero(struct linux_binprm *);
extern int search_binary_handler(struct linux_binprm *, struct pt_regs *); extern int search_binary_handler(struct linux_binprm *, struct pt_regs *);
extern int flush_old_exec(struct linux_binprm * bprm); extern int flush_old_exec(struct linux_binprm * bprm);
extern void setup_new_exec(struct linux_binprm * bprm); extern void setup_new_exec(struct linux_binprm * bprm);
extern void would_dump(struct linux_binprm *, struct file *);
extern int suid_dumpable; extern int suid_dumpable;
#define SUID_DUMP_DISABLE 0 /* No setuid dumping */ #define SUID_DUMP_DISABLE 0 /* No setuid dumping */
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment