[PATCH 0/2] exec: Use sane stack rlimit for setuid exec

From: Kees Cook
Date: Fri Jul 07 2017 - 15:57:23 EST

Next message: Stafford Horne: "[PATCH] locking/qspinlock: explicitly include asm/prefetch.h"
Previous message: Stafford Horne: "Openrisc fixes for 4.13"
Next in thread: Kees Cook: "[PATCH 2/2] exec: Use sane stack rlimit for setuid exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

As discussed with Linus and Andy, we need to reset the stack rlimit
before we do memory layouts when execing a privilege-gaining (e.g.
setuid) program. This moves security_bprm_secureexec() earlier (with
required changes), and then lowers the stack limit when appropriate.

As a side-effect, dumpability is expanded to cover capabilities and
other LSM definitions of secureexec, and Smack can drop its special
handler for pdeath_signal clearing.

I'd appreciate some extra eyes on this to make sure this isn't
broken in some special way. I couldn't find anything that _depended_
on security_bprm_secureexec() being called late.

Thanks!

-Kees

Next message: Stafford Horne: "[PATCH] locking/qspinlock: explicitly include asm/prefetch.h"
Previous message: Stafford Horne: "Openrisc fixes for 4.13"
Next in thread: Kees Cook: "[PATCH 2/2] exec: Use sane stack rlimit for setuid exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]