From: Stephen Smalley <sds@epoch.ncsc.mil>

This patch moves the clearing of the new personality bit from
selinux_bprm_apply_creds (called from compute_creds) to
selinux_bprm_set_security (called from prepare_binprm).  This ensures that
the bit is cleared at the same point in exec processing as for
setuid/setgid binaries, prior to setting up the new image.

Signed-off-by:  Stephen Smalley <sds@epoch.ncsc.mil>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 25-akpm/security/selinux/hooks.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff -puN security/selinux/hooks.c~selinux-fix-clearing-of-new-personality-bit-on-security-transitions security/selinux/hooks.c
--- 25/security/selinux/hooks.c~selinux-fix-clearing-of-new-personality-bit-on-security-transitions	Tue Jul 27 14:20:53 2004
+++ 25-akpm/security/selinux/hooks.c	Tue Jul 27 14:20:53 2004
@@ -1685,6 +1685,9 @@ static int selinux_bprm_set_security(str
 		if (rc)
 			return rc;
 
+		/* Clear any possibly unsafe personality bits on exec: */
+		current->personality &= ~PER_CLEAR_ON_SETID;
+
 		/* Set the security field to the new SID. */
 		bsec->sid = newsid;
 	}
@@ -1895,9 +1898,6 @@ static void selinux_bprm_apply_creds(str
 			task_unlock(current);
 		}
 
-		/* Clear any possibly unsafe personality bits on exec: */
-		current->personality &= ~PER_CLEAR_ON_SETID;
-
 		/* Close files for which the new task SID is not authorized. */
 		flush_unauthorized_files(current->files);
 
_