consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling

new helper: would_dump(bprm, file). Checks if we are allowed to read the file and if we are not - sets ENFORCE_NODUMP. Exported, used in places that previously open-coded the same logics. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>

consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
new helper: would_dump(bprm, file). Checks if we are allowed to read the file and if we are not - sets ENFORCE_NODUMP. Exported, used in places that previously open-coded the same logics. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Al Viro
1 parent 78f32a9b47
Showing 5 changed files with 15 additions and 9 deletions Side-by-side Diff
fs/binfmt_elf.c
fs/binfmt_elf_fdpic.c
fs/binfmt_misc.c
fs/exec.c
include/linux/binfmts.h
@@ -668,8 +668,7 @@
 			 * mm->dumpable = 0 regardless of the interpreter's
 			 * permissions.
 			 */
-			if (file_permission(interpreter, MAY_READ) < 0)
-				bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+			would_dump(bprm, interpreter);
  
 			retval = kernel_read(interpreter, 0, bprm->buf,
 					     BINPRM_BUF_SIZE);
@@ -245,8 +245,7 @@
 			 * mm->dumpable = 0 regardless of the interpreter's
 			 * permissions.
 			 */
-			if (file_permission(interpreter, MAY_READ) < 0)
-				bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+			would_dump(bprm, interpreter);
  
 			retval = kernel_read(interpreter, 0, bprm->buf,
 					     BINPRM_BUF_SIZE);
@@ -149,8 +149,7 @@
  
 		/* if the binary is not readable than enforce mm->dumpable=0
 		   regardless of the interpreter's permissions */
-		if (file_permission(bprm->file, MAY_READ))
-			bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+		would_dump(bprm, bprm->file);
  
 		allow_write_access(bprm->file);
 		bprm->file = NULL;
@@ -1105,6 +1105,13 @@
 }
 EXPORT_SYMBOL(flush_old_exec);
  
+void would_dump(struct linux_binprm *bprm, struct file *file)
+{
+	if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
+		bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+}
+EXPORT_SYMBOL(would_dump);
+
 void setup_new_exec(struct linux_binprm * bprm)
 {
 	int i, ch;
@@ -1144,9 +1151,10 @@
 	if (bprm->cred->uid != current_euid() ||
 	    bprm->cred->gid != current_egid()) {
 		current->pdeath_signal = 0;
-	} else if (file_permission(bprm->file, MAY_READ) ||
-		   bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
-		set_dumpable(current->mm, suid_dumpable);
+	} else {
+		would_dump(bprm, bprm->file);
+		if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
+			set_dumpable(current->mm, suid_dumpable);
 	}
  
 	/*
@@ -111,6 +111,7 @@
 extern int search_binary_handler(struct linux_binprm *, struct pt_regs *);
 extern int flush_old_exec(struct linux_binprm * bprm);
 extern void setup_new_exec(struct linux_binprm * bprm);
+extern void would_dump(struct linux_binprm *, struct file *);
  
 extern int suid_dumpable;
 #define SUID_DUMP_DISABLE	0	/* No setuid dumping */
...	...	@@ -668,8 +668,7 @@
668	668	* mm->dumpable = 0 regardless of the interpreter's
669	669	* permissions.
670	670	*/
671		- if (file_permission(interpreter, MAY_READ) < 0)
672		- bprm->interp_flags \|= BINPRM_FLAGS_ENFORCE_NONDUMP;
	671	+ would_dump(bprm, interpreter);
673	672
674	673	retval = kernel_read(interpreter, 0, bprm->buf,
675	674	BINPRM_BUF_SIZE);
...	...	@@ -245,8 +245,7 @@
245	245	* mm->dumpable = 0 regardless of the interpreter's
246	246	* permissions.
247	247	*/
248		- if (file_permission(interpreter, MAY_READ) < 0)
249		- bprm->interp_flags \|= BINPRM_FLAGS_ENFORCE_NONDUMP;
	248	+ would_dump(bprm, interpreter);
250	249
251	250	retval = kernel_read(interpreter, 0, bprm->buf,
252	251	BINPRM_BUF_SIZE);
...	...	@@ -149,8 +149,7 @@
149	149
150	150	/* if the binary is not readable than enforce mm->dumpable=0
151	151	regardless of the interpreter's permissions */
152		- if (file_permission(bprm->file, MAY_READ))
153		- bprm->interp_flags \|= BINPRM_FLAGS_ENFORCE_NONDUMP;
	152	+ would_dump(bprm, bprm->file);
154	153
155	154	allow_write_access(bprm->file);
156	155	bprm->file = NULL;
...	...	@@ -1105,6 +1105,13 @@
1105	1105	}
1106	1106	EXPORT_SYMBOL(flush_old_exec);
1107	1107
	1108	+void would_dump(struct linux_binprm bprm, struct file file)
	1109	+{
	1110	+ if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
	1111	+ bprm->interp_flags \|= BINPRM_FLAGS_ENFORCE_NONDUMP;
	1112	+}
	1113	+EXPORT_SYMBOL(would_dump);
	1114	+
1108	1115	void setup_new_exec(struct linux_binprm * bprm)
1109	1116	{
1110	1117	int i, ch;
...	...	@@ -1144,9 +1151,10 @@
1144	1151	if (bprm->cred->uid != current_euid() \|\|
1145	1152	bprm->cred->gid != current_egid()) {
1146	1153	current->pdeath_signal = 0;
1147		- } else if (file_permission(bprm->file, MAY_READ) \|\|
1148		- bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
1149		- set_dumpable(current->mm, suid_dumpable);
	1154	+ } else {
	1155	+ would_dump(bprm, bprm->file);
	1156	+ if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
	1157	+ set_dumpable(current->mm, suid_dumpable);
1150	1158	}
1151	1159
1152	1160	/*
...	...	@@ -111,6 +111,7 @@
111	111	extern int search_binary_handler(struct linux_binprm , struct pt_regs );
112	112	extern int flush_old_exec(struct linux_binprm * bprm);
113	113	extern void setup_new_exec(struct linux_binprm * bprm);
	114	+extern void would_dump(struct linux_binprm , struct file );
114	115
115	116	extern int suid_dumpable;
116	117	#define SUID_DUMP_DISABLE 0 /* No setuid dumping */