mirror of
https://gitee.com/bianbu-linux/linux-6.6
synced 2025-04-24 14:07:52 -04:00
Merge branch 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace
Pull execve updates from Eric Biederman: "Last cycle for the Nth time I ran into bugs and quality of implementation issues related to exec that could not be easily be fixed because of the way exec is implemented. So I have been digging into exec and cleanup up what I can. I don't think I have exec sorted out enough to fix the issues I started with but I have made some headway this cycle with 4 sets of changes. - promised cleanups after introducing exec_update_mutex - trivial cleanups for exec - control flow simplifications - remove the recomputation of bprm->cred The net result is code that is a bit easier to understand and work with and a decrease in the number of lines of code (if you don't count the added tests)" * 'exec-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace: (24 commits) exec: Compute file based creds only once exec: Add a per bprm->file version of per_clear binfmt_elf_fdpic: fix execfd build regression selftests/exec: Add binfmt_script regression test exec: Remove recursion from search_binary_handler exec: Generic execfd support exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC exec: Move the call of prepare_binprm into search_binary_handler exec: Allow load_misc_binary to call prepare_binprm unconditionally exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds exec: Teach prepare_exec_creds how exec treats uids & gids exec: Set the point of no return sooner exec: Move handling of the point of no return to the top level exec: Run sync_mm_rss before taking exec_update_mutex exec: Fix spelling of search_binary_handler in a comment exec: Move the comment from above de_thread to above unshare_sighand exec: Rename flush_old_exec begin_new_exec exec: Move most of setup_new_exec into flush_old_exec exec: In setup_new_exec cache current in the local variable me ...
This commit is contained in:
Linus Torvalds
commit
15a2bc4dbb
27 changed files with 501 additions and 387 deletions
|
|
@ -34,40 +34,48 @@
|
|||
*
|
||||
* Security hooks for program execution operations.
|
||||
*
|
||||
* @bprm_set_creds:
|
||||
* Save security information in the bprm->security field, typically based
|
||||
* on information about the bprm->file, for later use by the apply_creds
|
||||
* hook. This hook may also optionally check permissions (e.g. for
|
||||
* transitions between security domains).
|
||||
* This hook may be called multiple times during a single execve, e.g. for
|
||||
* interpreters. The hook can tell whether it has already been called by
|
||||
* checking to see if @bprm->security is non-NULL. If so, then the hook
|
||||
* may decide either to retain the security information saved earlier or
|
||||
* to replace it. The hook must set @bprm->secureexec to 1 if a "secure
|
||||
* exec" has happened as a result of this hook call. The flag is used to
|
||||
* indicate the need for a sanitized execution environment, and is also
|
||||
* passed in the ELF auxiliary table on the initial stack to indicate
|
||||
* whether libc should enable secure mode.
|
||||
* @bprm_creds_for_exec:
|
||||
* If the setup in prepare_exec_creds did not setup @bprm->cred->security
|
||||
* properly for executing @bprm->file, update the LSM's portion of
|
||||
* @bprm->cred->security to be what commit_creds needs to install for the
|
||||
* new program. This hook may also optionally check permissions
|
||||
* (e.g. for transitions between security domains).
|
||||
* The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
|
||||
* request libc enable secure mode.
|
||||
* @bprm contains the linux_binprm structure.
|
||||
* Return 0 if the hook is successful and permission is granted.
|
||||
* @bprm_creds_from_file:
|
||||
* If @file is setpcap, suid, sgid or otherwise marked to change
|
||||
* privilege upon exec, update @bprm->cred to reflect that change.
|
||||
* This is called after finding the binary that will be executed.
|
||||
* without an interpreter. This ensures that the credentials will not
|
||||
* be derived from a script that the binary will need to reopen, which
|
||||
* when reopend may end up being a completely different file. This
|
||||
* hook may also optionally check permissions (e.g. for transitions
|
||||
* between security domains).
|
||||
* The hook must set @bprm->secureexec to 1 if AT_SECURE should be set to
|
||||
* request libc enable secure mode.
|
||||
* The hook must add to @bprm->per_clear any personality flags that
|
||||
* should be cleared from current->personality.
|
||||
* @bprm contains the linux_binprm structure.
|
||||
* Return 0 if the hook is successful and permission is granted.
|
||||
* @bprm_check_security:
|
||||
* This hook mediates the point when a search for a binary handler will
|
||||
* begin. It allows a check the @bprm->security value which is set in the
|
||||
* preceding set_creds call. The primary difference from set_creds is
|
||||
* that the argv list and envp list are reliably available in @bprm. This
|
||||
* hook may be called multiple times during a single execve; and in each
|
||||
* pass set_creds is called first.
|
||||
* begin. It allows a check against the @bprm->cred->security value
|
||||
* which was set in the preceding creds_for_exec call. The argv list and
|
||||
* envp list are reliably available in @bprm. This hook may be called
|
||||
* multiple times during a single execve.
|
||||
* @bprm contains the linux_binprm structure.
|
||||
* Return 0 if the hook is successful and permission is granted.
|
||||
* @bprm_committing_creds:
|
||||
* Prepare to install the new security attributes of a process being
|
||||
* transformed by an execve operation, based on the old credentials
|
||||
* pointed to by @current->cred and the information set in @bprm->cred by
|
||||
* the bprm_set_creds hook. @bprm points to the linux_binprm structure.
|
||||
* This hook is a good place to perform state changes on the process such
|
||||
* as closing open file descriptors to which access will no longer be
|
||||
* granted when the attributes are changed. This is called immediately
|
||||
* before commit_creds().
|
||||
* the bprm_creds_for_exec hook. @bprm points to the linux_binprm
|
||||
* structure. This hook is a good place to perform state changes on the
|
||||
* process such as closing open file descriptors to which access will no
|
||||
* longer be granted when the attributes are changed. This is called
|
||||
* immediately before commit_creds().
|
||||
* @bprm_committed_creds:
|
||||
* Tidy up after the installation of the new security attributes of a
|
||||
* process being transformed by an execve operation. The new credentials
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue