On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook <[email protected]> wrote:
> Instead of a separate function, open-code the cap_elevated test, which
> lets us entirely remove bprm->cap_effective (to use the local "effective"
> variable instead), and more accurately examine euid/egid changes via the
> existing local "is_setid".
...
> -static int is_secureexec(struct linux_binprm *bprm)
> -{
> - const struct cred *cred = bprm->cred;
> - kuid_t root_uid = make_kuid(cred->user_ns, 0);
> -
> - if (!uid_eq(cred->uid, root_uid)) {
> - if (bprm->cap_effective)
> - return 1;
> - if (!cap_issubset(cred->cap_permitted, cred->cap_ambient))
> - return 1;
> + bprm->cap_elevated = 0;
> + if (is_setid) {
> + bprm->cap_elevated = 1;
> + } else if (!uid_eq(new->uid, root_uid)) {
> + if (effective ||
> + !cap_issubset(new->cap_permitted, new->cap_ambient))
> + bprm->cap_elevated = 1;
> }
>
> - return (!uid_eq(cred->euid, cred->uid) ||
> - !gid_eq(cred->egid, cred->gid));
> + return 0;
I think this matches the old behavior. IOW it looks right.
