Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file

From: Linus Torvalds
Date: Sat May 09 2020 - 16:20:00 EST

Next message: Russell King - ARM Linux admin: "Re: [EXT] Re: [PATCH net-next 3/5] net: mvpp2: cls: Use RSS contexts to handle RSS tables"
Previous message: Eric W. Biederman: "Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file"
In reply to: Eric W. Biederman: "Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file"
Next in thread: Kees Cook: "Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sat, May 9, 2020 at 1:15 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> I agree something needs to be renamed, to remove confusion.

Yeah, the alternative is to rename the capability version. I don't
care much which way it goes, although I do think it's best to call out
explicitly that the security hook functions get only the "primary"
executable brpm info.

Which is why I'd prefer to just rename all those low-level security
cases. It makes for a slightly bigger patch, but I think it makes for
better readability, and makes it explicit that that hook is literally
just for the primary executable, not for the interpreter or whatever.

Linus

Next message: Russell King - ARM Linux admin: "Re: [EXT] Re: [PATCH net-next 3/5] net: mvpp2: cls: Use RSS contexts to handle RSS tables"
Previous message: Eric W. Biederman: "Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file"
In reply to: Eric W. Biederman: "Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file"
Next in thread: Kees Cook: "Re: [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]