On Mon, Jul 10, 2017 at 7:07 PM, Kees Cook wrote:
> On Mon, Jul 10, 2017 at 10:18 AM, Eric W. Biederman
> wrote:
>> Kees Cook writes:
>>
>>> On Mon, Jul 10, 2017 at 1:57 AM, Eric W. Biederman
>>> wrote:
Kees Cook writes:
> There are several places where exec needs to know if a pr
On Mon, Jul 10, 2017 at 10:18 AM, Eric W. Biederman
wrote:
> Kees Cook writes:
>
>> On Mon, Jul 10, 2017 at 1:57 AM, Eric W. Biederman
>> wrote:
>>> Kees Cook writes:
>>>
There are several places where exec needs to know if a privilege-gain has
happened. These should be using the resu
On Mon, Jul 10, 2017 at 1:57 AM, Eric W. Biederman
wrote:
> Kees Cook writes:
>
>> There are several places where exec needs to know if a privilege-gain has
>> happened. These should be using the results of security_bprm_secureexec()
>> but it is getting (needlessly) called very late.
>
> It is h
Kees Cook writes:
> There are several places where exec needs to know if a privilege-gain has
> happened. These should be using the results of security_bprm_secureexec()
> but it is getting (needlessly) called very late.
It is hard to tell at a glance but I believe this introduces a
regression.
There are several places where exec needs to know if a privilege-gain has
happened. These should be using the results of security_bprm_secureexec()
but it is getting (needlessly) called very late.
Instead, move this earlier in the exec code, to the start of the point
of no return in setup_new_exec
5 matches
Mail list logo
