summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--fs/binfmt_misc.c15
-rw-r--r--fs/exec.c19
-rw-r--r--include/linux/binfmts.h2
3 files changed, 17 insertions, 19 deletions
diff --git a/fs/binfmt_misc.c b/fs/binfmt_misc.c
index cdb45829354d..264829745d6f 100644
--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -218,19 +218,10 @@ static int load_misc_binary(struct linux_binprm *bprm)
goto error;
bprm->file = interp_file;
- if (fmt->flags & MISC_FMT_CREDENTIALS) {
- loff_t pos = 0;
-
- /*
- * No need to call prepare_binprm(), it's already been
- * done. bprm->buf is stale, update from interp_file.
- */
- memset(bprm->buf, 0, BINPRM_BUF_SIZE);
- retval = kernel_read(bprm->file, bprm->buf, BINPRM_BUF_SIZE,
- &pos);
- } else
- retval = prepare_binprm(bprm);
+ if (fmt->flags & MISC_FMT_CREDENTIALS)
+ bprm->preserve_creds = 1;
+ retval = prepare_binprm(bprm);
if (retval < 0)
goto error;
diff --git a/fs/exec.c b/fs/exec.c
index 8e3b93d51d31..028e0e323af5 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1631,15 +1631,20 @@ static void bprm_fill_uid(struct linux_binprm *bprm)
*/
int prepare_binprm(struct linux_binprm *bprm)
{
- int retval;
loff_t pos = 0;
- /* Recompute parts of bprm->cred based on bprm->file */
- bprm->active_secureexec = 0;
- bprm_fill_uid(bprm);
- retval = security_bprm_repopulate_creds(bprm);
- if (retval)
- return retval;
+ /* Can the interpreter get to the executable without races? */
+ if (!bprm->preserve_creds) {
+ int retval;
+
+ /* Recompute parts of bprm->cred based on bprm->file */
+ bprm->active_secureexec = 0;
+ bprm_fill_uid(bprm);
+ retval = security_bprm_repopulate_creds(bprm);
+ if (retval)
+ return retval;
+ }
+ bprm->preserve_creds = 0;
memset(bprm->buf, 0, BINPRM_BUF_SIZE);
return kernel_read(bprm->file, bprm->buf, BINPRM_BUF_SIZE, &pos);
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 8605ab4a0f89..dbb5614d62a2 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -26,6 +26,8 @@ struct linux_binprm {
unsigned long p; /* current top of mem */
unsigned long argmin; /* rlimit marker for copy_strings() */
unsigned int
+ /* It is safe to use the creds of a script (see binfmt_misc) */
+ preserve_creds:1,
/*
* True if most recent call to security_bprm_set_creds
* resulted in elevated privileges.