Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-08-01 Thread Andy Lutomirski
On Mon, Jul 31, 2017 at 3:43 PM, Kees Cook wrote: > On Wed, Jul 19, 2017 at 9:53 PM, Andy Lutomirski wrote: >> On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: >>> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-08-01 Thread Andy Lutomirski
On Mon, Jul 31, 2017 at 3:43 PM, Kees Cook wrote: > On Wed, Jul 19, 2017 at 9:53 PM, Andy Lutomirski wrote: >> On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: >>> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: The commoncap implementation of the bprm_secureexec hook is the only

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-31 Thread Kees Cook
On Wed, Jul 19, 2017 at 9:53 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: >> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >>> The commoncap implementation of the bprm_secureexec hook is the

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-31 Thread Kees Cook
On Wed, Jul 19, 2017 at 9:53 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: >> On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >>> The commoncap implementation of the bprm_secureexec hook is the only LSM >>> that depends on the final call to its

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-19 Thread Andy Lutomirski
On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >> The commoncap implementation of the bprm_secureexec hook is the only LSM >> that depends on the final call to its bprm_set_creds hook (since it

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-19 Thread Andy Lutomirski
On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >> The commoncap implementation of the bprm_secureexec hook is the only LSM >> that depends on the final call to its bprm_set_creds hook (since it may >> be called for multiple files, it

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-19 Thread James Morris
On Tue, 18 Jul 2017, Kees Cook wrote: > The commoncap implementation of the bprm_secureexec hook is the only LSM > that depends on the final call to its bprm_set_creds hook (since it may > be called for multiple files, it ignores bprm->called_set_creds). As a > result, it cannot safely _clear_

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-19 Thread James Morris
On Tue, 18 Jul 2017, Kees Cook wrote: > The commoncap implementation of the bprm_secureexec hook is the only LSM > that depends on the final call to its bprm_set_creds hook (since it may > be called for multiple files, it ignores bprm->called_set_creds). As a > result, it cannot safely _clear_

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-18 Thread Kees Cook
On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >> The commoncap implementation of the bprm_secureexec hook is the only LSM >> that depends on the final call to its bprm_set_creds hook (since it

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-18 Thread Kees Cook
On Tue, Jul 18, 2017 at 6:10 PM, Andy Lutomirski wrote: > On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: >> The commoncap implementation of the bprm_secureexec hook is the only LSM >> that depends on the final call to its bprm_set_creds hook (since it may >> be called for multiple files, it

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-18 Thread Andy Lutomirski
On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: > The commoncap implementation of the bprm_secureexec hook is the only LSM > that depends on the final call to its bprm_set_creds hook (since it may > be called for multiple files, it ignores bprm->called_set_creds). As a >

Re: [PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-18 Thread Andy Lutomirski
On Tue, Jul 18, 2017 at 3:25 PM, Kees Cook wrote: > The commoncap implementation of the bprm_secureexec hook is the only LSM > that depends on the final call to its bprm_set_creds hook (since it may > be called for multiple files, it ignores bprm->called_set_creds). As a > result, it cannot

[PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-18 Thread Kees Cook
The commoncap implementation of the bprm_secureexec hook is the only LSM that depends on the final call to its bprm_set_creds hook (since it may be called for multiple files, it ignores bprm->called_set_creds). As a result, it cannot safely _clear_ bprm->secureexec since other LSMs may have set

[PATCH v3 06/15] commoncap: Refactor to remove bprm_secureexec hook

2017-07-18 Thread Kees Cook
The commoncap implementation of the bprm_secureexec hook is the only LSM that depends on the final call to its bprm_set_creds hook (since it may be called for multiple files, it ignores bprm->called_set_creds). As a result, it cannot safely _clear_ bprm->secureexec since other LSMs may have set