Commit 1b5d783c94c328d406e801566f161adcfb018dda
1 parent
78f32a9b47
consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
new helper: would_dump(bprm, file). Checks if we are allowed to read the file and, if we are not, sets ENFORCE_NONDUMP. Exported, used in places that previously open-coded the same logic. Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Showing 5 changed files with 15 additions and 9 deletions Side-by-side Diff
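--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -668,8 +668,7 @@
 * mm->dumpable = 0 regardless of the interpreter's
 * permissions.
 */
-if (file_permission(interpreter, MAY_READ) < 0)
-bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+would_dump(bprm, interpreter);
 
 retval = kernel_read(interpreter, 0, bprm->buf,
 BINPRM_BUF_SIZE);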
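--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -245,8 +245,7 @@
 * mm->dumpable = 0 regardless of the interpreter's
 * permissions.
 */
-if (file_permission(interpreter, MAY_READ) < 0)
-bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+would_dump(bprm, interpreter);
 
 retval = kernel_read(interpreter, 0, bprm->buf,
 BINPRM_BUF_SIZE);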
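--- a/fs/binfmt_misc.c
+++ b/fs/binfmt_misc.c
@@ -149,8 +149,7 @@
 
 /* if the binary is not readable than enforce mm->dumpable=0
 regardless of the interpreter's permissions */
-if (file_permission(bprm->file, MAY_READ))
-bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+would_dump(bprm, bprm->file);
 
 allow_write_access(bprm->file);
 bprm->file = NULL;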
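--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1105,6 +1105,13 @@
 }
 EXPORT_SYMBOL(flush_old_exec);
 
+void would_dump(struct linux_binprm *bprm, struct file *file)
+{
+if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
+bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+}
+EXPORT_SYMBOL(would_dump);
+
 void setup_new_exec(struct linux_binprm * bprm)
 {
 int i, ch;
@@ -1144,9 +1151,10 @@
 if (bprm->cred->uid != current_euid() ||
 bprm->cred->gid != current_egid()) {
 current->pdeath_signal = 0;
-} else if (file_permission(bprm->file, MAY_READ) ||
-bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
-set_dumpable(current->mm, suid_dumpable);
+} else {
+would_dump(bprm, bprm->file);
+if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
+set_dumpable(current->mm, suid_dumpable);
 }
 
 /*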
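Review bot: would_dump() is exported without any comment stating its contract, and its name reads like a predicate although it returns void and only ever ORs BINPRM_FLAGS_ENFORCE_NONDUMP into bprm->interp_flags. I would add a kernel-doc block above the definition saying that it tests MAY_READ on the file's inode, that any negative return from inode_permission() (not only a plain denial) sets the flag, and that the flag is never cleared here. The binfmt_misc caller used to test `if (file_permission(bprm->file, MAY_READ))`, i.e. any non-zero value, so the comment should also record that the `< 0` test assumes the permission check never returns a positive value. In the second hunk setup_new_exec() used to test readability of bprm->file without touching interp_flags and now records the result there, so a one-line comment such as `/* marks bprm non-dumpable if its file is unreadable; flag is sticky */` above the call would make the new side effect explicit. setup_new_exec() starts and ends outside the hunks shown.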
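--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -111,6 +111,7 @@
 extern int search_binary_handler(struct linux_binprm *, struct pt_regs *);
 extern int flush_old_exec(struct linux_binprm * bprm);
 extern void setup_new_exec(struct linux_binprm * bprm);
+extern void would_dump(struct linux_binprm *, struct file *);
 
 extern int suid_dumpable;
 #define SUID_DUMP_DISABLE 0 /* No setuid dumping */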