Merge tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git...
authorLinus Torvalds <torvalds@linux-foundation.org>
Fri, 8 Sep 2017 03:35:29 +0000 (20:35 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Fri, 8 Sep 2017 03:35:29 +0000 (20:35 -0700)
Pull secureexec update from Kees Cook:
 "This series has the ultimate goal of providing a sane stack rlimit
  when running set*id processes.

  To do this, the bprm_secureexec LSM hook is collapsed into the
  bprm_set_creds hook so the secureexec-ness of an exec can be
  determined early enough to make decisions about rlimits and the
  resulting memory layouts. Other logic acting on the secureexec-ness of
  an exec is similarly consolidated. Capabilities needed some special
  handling, but the refactoring removed other special handling, so that
  was a wash"

* tag 'secureexec-v4.14-rc1' of git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux:
  exec: Consolidate pdeath_signal clearing
  exec: Use sane stack rlimit under secureexec
  exec: Consolidate dumpability logic
  smack: Remove redundant pdeath_signal clearing
  exec: Use secureexec for clearing pdeath_signal
  exec: Use secureexec for setting dumpability
  LSM: drop bprm_secureexec hook
  commoncap: Move cap_elevated calculation into bprm_set_creds
  commoncap: Refactor to remove bprm_secureexec hook
  smack: Refactor to remove bprm_secureexec hook
  selinux: Refactor to remove bprm_secureexec hook
  apparmor: Refactor to remove bprm_secureexec hook
  binfmt: Introduce secureexec flag
  exec: Correct comments about "point of no return"
  exec: Rename bprm->cred_prepared to called_set_creds

fs/binfmt_elf.c
security/selinux/hooks.c

diff --combined fs/binfmt_elf.c
index 6466153f2bf099d357166192710167667abefa09,3b7dda91b07b22ee1aa375dcc50a9a8a2dd2d018..ec45d24875b1f84127755dee9d26e01c2f693290
@@@ -252,7 -252,7 +252,7 @@@ create_elf_tables(struct linux_binprm *
        NEW_AUX_ENT(AT_EUID, from_kuid_munged(cred->user_ns, cred->euid));
        NEW_AUX_ENT(AT_GID, from_kgid_munged(cred->user_ns, cred->gid));
        NEW_AUX_ENT(AT_EGID, from_kgid_munged(cred->user_ns, cred->egid));
-       NEW_AUX_ENT(AT_SECURE, security_bprm_secureexec(bprm));
+       NEW_AUX_ENT(AT_SECURE, bprm->secureexec);
        NEW_AUX_ENT(AT_RANDOM, (elf_addr_t)(unsigned long)u_rand_bytes);
  #ifdef ELF_HWCAP2
        NEW_AUX_ENT(AT_HWCAP2, ELF_HWCAP2);
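Review bot: The `AT_SECURE` entry now reads the cached `bprm->secureexec` field instead of calling the LSM hook, so it is only correct if every `bprm_set_creds` implementation has finished updating that field before `create_elf_tables()` runs, and nothing at this line records that requirement. A short comment above the entry would capture it, e.g. `/* bprm->secureexec must be final here; it is accumulated by the bprm_set_creds hooks */`. Userspace loaders rely on AT_SECURE to decide whether to ignore environment-controlled behaviour, so a value read before all hooks have run would fail open rather than closed. The body of `create_elf_tables()` starts and ends outside this hunk, so the ordering itself cannot be confirmed from here.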
@@@ -664,7 -664,8 +664,7 @@@ static unsigned long randomize_stack_to
  {
        unsigned long random_variable = 0;
  
 -      if ((current->flags & PF_RANDOMIZE) &&
 -              !(current->personality & ADDR_NO_RANDOMIZE)) {
 +      if (current->flags & PF_RANDOMIZE) {
                random_variable = get_random_long();
                random_variable &= STACK_RND_MASK;
                random_variable <<= PAGE_SHIFT;
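Review bot: With the `ADDR_NO_RANDOMIZE` personality test dropped from the condition in `randomize_stack_top()`, stack randomisation depends only on `PF_RANDOMIZE`, and the hunk does not say why that is sufficient. Presumably the flag is only set at exec time when the personality bit is clear. If so, a comment such as `/* PF_RANDOMIZE already accounts for ADDR_NO_RANDOMIZE; see where the flag is set in load_elf_binary() */` would stop a later reader from mis-reasoning about when ASLR is disabled. The rest of the function lies outside the hunk.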
diff --combined security/selinux/hooks.c
index 2f2e1338cd3d7e320784ba8cd45d2fb023ae1586,a1f5f5ddfba75762d29c6bd36064cfd7b28ab087..ad3b0f53ede00bb6fcd5a870c1369a8003950510
@@@ -2356,7 -2356,7 +2356,7 @@@ static int selinux_bprm_set_creds(struc
  
        /* SELinux context only depends on initial program or script and not
         * the script interpreter */
-       if (bprm->cred_prepared)
+       if (bprm->called_set_creds)
                return 0;
  
        old_tsec = current_security();
  
                /* Clear any possibly unsafe personality bits on exec: */
                bprm->per_clear |= PER_CLEAR_ON_SETID;
-       }
-       return 0;
- }
- static int selinux_bprm_secureexec(struct linux_binprm *bprm)
- {
-       const struct task_security_struct *tsec = current_security();
-       u32 sid, osid;
-       int atsecure = 0;
-       sid = tsec->sid;
-       osid = tsec->osid;
  
-       if (osid != sid) {
                /* Enable secure mode for SIDs transitions unless
                   the noatsecure permission is granted between
                   the two SIDs, i.e. ahp returns 0. */
-               atsecure = avc_has_perm(osid, sid,
-                                       SECCLASS_PROCESS,
-                                       PROCESS__NOATSECURE, NULL);
+               rc = avc_has_perm(old_tsec->sid, new_tsec->sid,
+                                 SECCLASS_PROCESS, PROCESS__NOATSECURE,
+                                 NULL);
+               bprm->secureexec |= !!rc;
        }
  
-       return !!atsecure;
+       return 0;
  }
  
  static int match_file(const void *p, struct file *file, unsigned fd)
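Review bot: The retained comment above the `avc_has_perm()` call still ends with "i.e. ahp returns 0", which is cryptic and does not describe what the new lines do with the result. The new code treats any non-zero `rc`, whether a denial or another error, as secure mode and ORs it into `bprm->secureexec`, presumably so that a value set by another hook is never cleared. It then returns 0 instead of propagating `rc`, and that fail-closed choice is worth stating. I would reword the comment along the lines of `/* Enable secure mode for SID transitions unless noatsecure is granted; any avc_has_perm() failure also sets secureexec, which is only ever ORed in. */`. The enclosing `if` that replaces the removed `osid != sid` test is not visible in this hunk, so the comment should be checked against it.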
@@@ -6266,7 -6253,6 +6253,6 @@@ static struct security_hook_list selinu
        LSM_HOOK_INIT(bprm_set_creds, selinux_bprm_set_creds),
        LSM_HOOK_INIT(bprm_committing_creds, selinux_bprm_committing_creds),
        LSM_HOOK_INIT(bprm_committed_creds, selinux_bprm_committed_creds),
-       LSM_HOOK_INIT(bprm_secureexec, selinux_bprm_secureexec),
  
        LSM_HOOK_INIT(sb_alloc_security, selinux_sb_alloc_security),
        LSM_HOOK_INIT(sb_free_security, selinux_sb_free_security),
@@@ -6530,7 -6516,7 +6516,7 @@@ security_initcall(selinux_init)
  
  #if defined(CONFIG_NETFILTER)
  
 -static struct nf_hook_ops selinux_nf_ops[] = {
 +static const struct nf_hook_ops selinux_nf_ops[] = {
        {
                .hook =         selinux_ipv4_postroute,
                .pf =           NFPROTO_IPV4,