From: Chris Wright <chrisw@osdl.org>

I found that the intel patchset (and mine as well) leaked i_writecount on
the original executed file.  In addition, I verified that the steal_locks()
bit is indeed needed.  Here is a fix relative to my last patch.


---

 25-akpm/fs/binfmt_misc.c |   15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diff -puN fs/binfmt_misc.c~binfmt_misc-credentials-fixes-2 fs/binfmt_misc.c
--- 25/fs/binfmt_misc.c~binfmt_misc-credentials-fixes-2	2004-04-30 23:18:22.196632784 -0700
+++ 25-akpm/fs/binfmt_misc.c	2004-04-30 23:18:22.200632176 -0700
@@ -150,6 +150,14 @@ static int load_misc_binary(struct linux
  		}
  		fd_install(fd_binary, bprm->file);
 
+		/* if the binary is not readable than enforce mm->dumpable=0
+		   regardless of the interpreter's permissions */
+		if (permission(bprm->file->f_dentry->d_inode, MAY_READ, NULL))
+			bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+
+		allow_write_access(bprm->file);
+		bprm->file = NULL;
+
 		/* make argv[1] be the file descriptor of the binary */
  		snprintf(fd_str, sizeof(fd_str), "%d", fd_binary);
  		retval = copy_strings_kernel(1, &fdsp, bprm);
@@ -157,10 +165,6 @@ static int load_misc_binary(struct linux
 			goto _error;
 		bprm->argc++;
 
-		/* if the binary is not readable than enforce mm->dumpable=0
-		   regardless of the interpreter's permissions */
-		if (permission(bprm->file->f_dentry->d_inode, MAY_READ, NULL))
-			bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
  	} else {
  		allow_write_access(bprm->file);
  		fput(bprm->file);
@@ -199,13 +203,12 @@ static int load_misc_binary(struct linux
 	retval = search_binary_handler (bprm, regs);
 	if (retval < 0)
 		goto _error;
-#if 0
+
 	if (files) {
 		steal_locks(files);
 		put_files_struct(files);
 		files = NULL;
 	}
-#endif
 _ret:
 	return retval;
 _error:

_