Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file

From: Linus Torvalds
Date: Sat May 09 2020 - 16:20:00 EST


On Sat, May 9, 2020 at 1:15 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> I agree something needs to be renamed, to remove confusion.

Yeah, the alternative is to rename the capability version. I don't
care much which way it goes, although I do think it's best to call out
explicitly that the security hook functions get only the "primary"
executable brpm info.

Which is why I'd prefer to just rename all those low-level security
cases. It makes for a slightly bigger patch, but I think it makes for
better readability, and makes it explicit that that hook is literally
just for the primary executable, not for the interpreter or whatever.

Linus