Re: [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids

From: Linus Torvalds
Date: Tue May 19 2020 - 14:28:37 EST

Next message: Rob Herring: "Re: [PATCH v2 01/14] dt-bindings: arm: add a binding document for MediaTek PERICFG controller"
Previous message: Kees Cook: "Re: [PATCH v2 5/8] exec: Move the call of prepare_binprm into search_binary_handler"
In reply to: Kees Cook: "Re: [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids"
Next in thread: Eric W. Biederman: "Re: [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, May 19, 2020 at 11:03 AM Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> One question, though: why add this, since the repeat calling of the caps
> LSM hook will do this?

I assume it's for the "preserve_creds" case where we don't even end up
setting creds at all.

Yeah, at some point we'll hit a bprm handler that doesn't set
'preserve_creds', and it all does get set in the end, but that's not
statically all that obvious.

I think it makes sense to initialize as much as possible from the
generic code, and rely as little as possible on what the binfmt
handlers end up actually doing.

Linus

Next message: Rob Herring: "Re: [PATCH v2 01/14] dt-bindings: arm: add a binding document for MediaTek PERICFG controller"
Previous message: Kees Cook: "Re: [PATCH v2 5/8] exec: Move the call of prepare_binprm into search_binary_handler"
In reply to: Kees Cook: "Re: [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids"
Next in thread: Eric W. Biederman: "Re: [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]