authorStephen D. Smalley <sds@epoch.ncsc.mil>2004-07-28 08:57:50 -0700
committerLinus Torvalds <torvalds@ppc970.osdl.org>2004-07-28 08:57:50 -0700
commitddd443e4d88c6e39bc3a6d249a980ccc438544cb (patch)
treebb0fd045f97d157e02841923d90a560dcf75fac3 /security
parentdac25d20e595802bd1ad2dc95dba53cbf7ac38ed (diff)
[PATCH] selinux: fix clearing of new personality bit on security transitions
This patch moves the clearing of the new personality bit from selinux_bprm_apply_creds (called from compute_creds) to selinux_bprm_set_security (called from prepare_binprm). This ensures that the bit is cleared at the same point in exec processing as for setuid/setgid binaries, prior to setting up the new image. Signed-off-by: Stephen Smalley <sds@epoch.ncsc.mil> Signed-off-by: Ingo Molnar <mingo@elte.hu> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9ceb598f2bee90..52fa3cfdfd5b86 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1685,6 +1685,9 @@ static int selinux_bprm_set_security(struct linux_binprm *bprm)
if (rc)
return rc;
+ /* Clear any possibly unsafe personality bits on exec: */
+ current->personality &= ~PER_CLEAR_ON_SETID;
+
/* Set the security field to the new SID. */
bsec->sid = newsid;
}
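Review bot: The comment added above `current->personality &= ~PER_CLEAR_ON_SETID;` says what is cleared but not why it must happen in selinux_bprm_set_security, so a later cleanup could move the statement back into selinux_bprm_apply_creds and reintroduce the ordering problem. I would word it as `/* Clear unsafe personality bits before the new image is set up, at the same point as for setuid/setgid binaries. */`. The statement sits inside a block that closes at the `}` after `bsec->sid = newsid;` and whose opening condition is outside the hunk, so it presumably runs only when a new SID was computed; the comment should state that condition. The write to `current->personality` also now happens before the exec is committed, so if the exec fails later the calling task presumably keeps the cleared bits. That looks fail-safe and matches the setuid/setgid handling the commit message cites, but it is a visible side effect worth a sentence in the comment.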
@@ -1895,9 +1898,6 @@ static void selinux_bprm_apply_creds(struct linux_binprm *bprm, int unsafe)
task_unlock(current);
}
- /* Clear any possibly unsafe personality bits on exec: */
- current->personality &= ~PER_CLEAR_ON_SETID;
-
/* Close files for which the new task SID is not authorized. */
flush_unauthorized_files(current->files);