diff options
Diffstat (limited to 'fs/exec.c')
| -rw-r--r-- | fs/exec.c | 33 | 
1 files changed, 18 insertions, 15 deletions
| diff --git a/fs/exec.c b/fs/exec.c index 643019585574..9c73def87642 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -110,13 +110,14 @@ SYSCALL_DEFINE1(uselib, const char __user *, library)  	static const struct open_flags uselib_flags = {  		.open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,  		.acc_mode = MAY_READ | MAY_EXEC | MAY_OPEN, -		.intent = LOOKUP_OPEN +		.intent = LOOKUP_OPEN, +		.lookup_flags = LOOKUP_FOLLOW,  	};  	if (IS_ERR(tmp))  		goto out; -	file = do_filp_open(AT_FDCWD, tmp, &uselib_flags, LOOKUP_FOLLOW); +	file = do_filp_open(AT_FDCWD, tmp, &uselib_flags);  	putname(tmp);  	error = PTR_ERR(file);  	if (IS_ERR(file)) @@ -756,10 +757,11 @@ struct file *open_exec(const char *name)  	static const struct open_flags open_exec_flags = {  		.open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,  		.acc_mode = MAY_EXEC | MAY_OPEN, -		.intent = LOOKUP_OPEN +		.intent = LOOKUP_OPEN, +		.lookup_flags = LOOKUP_FOLLOW,  	}; -	file = do_filp_open(AT_FDCWD, &tmp, &open_exec_flags, LOOKUP_FOLLOW); +	file = do_filp_open(AT_FDCWD, &tmp, &open_exec_flags);  	if (IS_ERR(file))  		goto out; @@ -930,6 +932,7 @@ static int de_thread(struct task_struct *tsk)  		 * also take its birthdate (always earlier than our own).  		 */  		tsk->start_time = leader->start_time; +		tsk->real_start_time = leader->real_start_time;  		BUG_ON(!same_thread_group(leader, tsk));  		BUG_ON(has_group_leader_pid(tsk)); @@ -945,9 +948,8 @@ static int de_thread(struct task_struct *tsk)  		 * Note: The old leader also uses this pid until release_task  		 *       is called.  Odd but simple and correct.  		 */ -		detach_pid(tsk, PIDTYPE_PID);  		tsk->pid = leader->pid; -		attach_pid(tsk, PIDTYPE_PID,  task_pid(leader)); +		change_pid(tsk, PIDTYPE_PID, task_pid(leader));  		transfer_pid(leader, tsk, PIDTYPE_PGID);  		transfer_pid(leader, tsk, PIDTYPE_SID); @@ -1135,13 +1137,6 @@ void setup_new_exec(struct linux_binprm * bprm)  			set_dumpable(current->mm, suid_dumpable);  	} -	/* -	 * Flush performance counters when crossing a -	 * security domain: -	 */ -	if (!get_dumpable(current->mm)) -		perf_event_exit_task(current); -  	/* An exec changes our domain. We are no longer part of the thread  	   group */ @@ -1205,6 +1200,15 @@ void install_exec_creds(struct linux_binprm *bprm)  	commit_creds(bprm->cred);  	bprm->cred = NULL; + +	/* +	 * Disable monitoring for regular users +	 * when executing setuid binaries. Must +	 * wait until new credentials are committed +	 * by commit_creds() above +	 */ +	if (get_dumpable(current->mm) != SUID_DUMP_USER) +		perf_event_exit_task(current);  	/*  	 * cred_guard_mutex must be held at least to this point to prevent  	 * ptrace_attach() from altering our determination of the task's @@ -1461,7 +1465,6 @@ static int do_execve_common(const char *filename,  	struct files_struct *displaced;  	bool clear_in_exec;  	int retval; -	const struct cred *cred = current_cred();  	/*  	 * We move the actual failure in case of RLIMIT_NPROC excess from @@ -1470,7 +1473,7 @@ static int do_execve_common(const char *filename,  	 * whether NPROC limit is still exceeded.  	 */  	if ((current->flags & PF_NPROC_EXCEEDED) && -	    atomic_read(&cred->user->processes) > rlimit(RLIMIT_NPROC)) { +	    atomic_read(¤t_user()->processes) > rlimit(RLIMIT_NPROC)) {  		retval = -EAGAIN;  		goto out_ret;  	} | 

