summaryrefslogtreecommitdiff
path: root/fs/internal.h
diff options
context:
space:
mode:
authorHugh Dickins <hugh@veritas.com>2009-03-28 23:20:19 +0000
committerLinus Torvalds <torvalds@linux-foundation.org>2009-03-28 17:30:00 -0700
commite426b64c412aaa3e9eb3e4b261dc5be0d5a83e78 (patch)
treec1528139b34fef3e4595576266c64068098fe211 /fs/internal.h
parent53e9309e01277ec99c38e84e0ca16921287cf470 (diff)
downloadlwn-e426b64c412aaa3e9eb3e4b261dc5be0d5a83e78.tar.gz
lwn-e426b64c412aaa3e9eb3e4b261dc5be0d5a83e78.zip
fix setuid sometimes doesn't
Joe Malicki reports that setuid sometimes doesn't: very rarely, a setuid root program does not get root euid; and, by the way, they have a health check running lsof every few minutes. Right, check_unsafe_exec() notes whether the files_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient use of get_files_struct(), which also raises that sharing count. There's a rather simple fix for this: exec's check on files->count has been redundant ever since 2.6.1 made it unshare_files() (except while compat_do_execve() omitted to do so) - just remove that check. [Note to -stable: this patch will not apply before 2.6.29: earlier releases should just remove the files->count line from unsafe_exec().] Reported-by: Joe Malicki <jmalicki@metacarta.com> Narrowed-down-by: Michael Itz <mitz@metacarta.com> Tested-by: Joe Malicki <jmalicki@metacarta.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'fs/internal.h')
-rw-r--r--fs/internal.h2
1 files changed, 1 insertions, 1 deletions
diff --git a/fs/internal.h b/fs/internal.h
index 0d8ac497b3d5..53af885f1732 100644
--- a/fs/internal.h
+++ b/fs/internal.h
@@ -43,7 +43,7 @@ extern void __init chrdev_init(void);
/*
* exec.c
*/
-extern void check_unsafe_exec(struct linux_binprm *, struct files_struct *);
+extern void check_unsafe_exec(struct linux_binprm *);
/*
* namespace.c