exec: Weaken dumpability for secureexec
This is a logical revert of commit e37fdb785a
("exec: Use secureexec for setting dumpability") This weakens dumpability back to checking only for uid/gid changes in current (which is useless), but userspace depends on dumpability not being tied to secureexec. https://bugzilla.redhat.com/show_bug.cgi?id=1528633 Reported-by: Tom Horsley <horsley1953@gmail.com> Fixes: e37fdb785a
("exec: Use secureexec for setting dumpability") Cc: stable@vger.kernel.org Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
parent
30a7acd573
commit
e816c201ae
@ -1349,9 +1349,14 @@ void setup_new_exec(struct linux_binprm * bprm)
|
||||
|
||||
current->sas_ss_sp = current->sas_ss_size = 0;
|
||||
|
||||
/* Figure out dumpability. */
|
||||
/*
|
||||
* Figure out dumpability. Note that this checking only of current
|
||||
* is wrong, but userspace depends on it. This should be testing
|
||||
* bprm->secureexec instead.
|
||||
*/
|
||||
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||
|
||||
bprm->secureexec)
|
||||
!(uid_eq(current_euid(), current_uid()) &&
|
||||
gid_eq(current_egid(), current_gid())))
|
||||
set_dumpable(current->mm, suid_dumpable);
|
||||
else
|
||||
set_dumpable(current->mm, SUID_DUMP_USER);
|
||||
|
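Review bot: The rewritten comment above the `if` says the check on current is wrong but does not say what it no longer covers, so a later reader cannot tell which execs are left dumpable at this point. With `bprm->secureexec` dropped from the condition, an exec flagged secure for any reason other than a euid/uid or egid/gid mismatch in current takes the `else` branch and gets `SUID_DUMP_USER` here; whether dumpability is tightened again later in exec is not visible in this hunk. Because the dumpable state gates core dumps and ptrace access, I would name that gap and cite the regression report in the comment, e.g. `* Execs with bprm->secureexec set but no uid/gid mismatch in current stay SUID_DUMP_USER here; see bugzilla.redhat.com #1528633 before tightening.` setup_new_exec() begins and continues outside the hunk.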