Re: [PATCH 09/11] exec: In bprm_fill_uid only set per_clear when honoring suid or sgid

From: Eric W. Biederman
Date: Thu May 28 2020 - 15:26:03 EST

Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx> writes:

> On Thu, May 28, 2020 at 8:53 AM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>> It makes no sense to set active_per_clear when the kernel decides not
>> to honor the executables setuid or or setgid bits. Instead set
>> active_per_clear when the kernel actually decides to honor the suid or
>> sgid permission bits of an executable.
> You seem to be confused about the naming yourself.
> You talk about "active_per_clear", but the code is about "per_clear". WTF?

I figured out how to kill active_per_clear see (3/11) and I failed to
update the patch description here.

I think active_ is a louzy suffix but since it all goes away in patch 3
when I remove the recomputation and the need to have two versions of the
setting I think it is probably good enough.