On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook <keesc...@chromium.org> wrote: > The cred_prepared bprm flag has a misleading name. It has nothing to do > with the bprm_prepare_cred hook, and actually tracks if bprm_set_creds has > been called. Rename this flag and improve its comment. > > Cc: David Howells <dhowe...@redhat.com> > Cc: John Johansen <john.johan...@canonical.com> > Cc: Paul Moore <p...@paul-moore.com> > Cc: Stephen Smalley <s...@tycho.nsa.gov> > Cc: Casey Schaufler <ca...@schaufler-ca.com> > Cc: James Morris <james.l.mor...@oracle.com> > Signed-off-by: Kees Cook <keesc...@chromium.org> > --- > fs/binfmt_flat.c | 2 +- > fs/exec.c | 2 +- > include/linux/binfmts.h | 8 ++++++-- > security/apparmor/domain.c | 2 +- > security/selinux/hooks.c | 2 +- > security/smack/smack_lsm.c | 2 +- > security/tomoyo/tomoyo.c | 2 +- > 7 files changed, 12 insertions(+), 8 deletions(-) > > diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c > index 2edcefc0a294..a722530cc468 100644 > --- a/fs/binfmt_flat.c > +++ b/fs/binfmt_flat.c > @@ -885,7 +885,7 @@ static int load_flat_shared_library(int id, struct > lib_info *libs) > * as we're past the point of no return and are dealing with shared > * libraries. > */ > - bprm.cred_prepared = 1; > + bprm.called_set_creds = 1;
WTF is this? It's not, strictly speaking, a bug in this patch, but it's nonsensical. Is it fixed (presuably deleted) later? Otherwise looks good.
