Skip to content

Commit 473d896

Browse files
keeskees
committed
exec: Consolidate dumpability logic
Since it's already valid to set dumpability in the early part of setup_new_exec(), we can consolidate the logic into a single place. The BINPRM_FLAGS_ENFORCE_NONDUMP is set during would_dump() calls before setup_new_exec(), so its test is safe to move as well. Signed-off-by: Kees Cook <keescook@chromium.org> Acked-by: Serge Hallyn <serge@hallyn.com> Reviewed-by: James Morris <james.l.morris@oracle.com>
1 parent 35b372b commit 473d896

File tree

1 file changed

+5
-6
lines changed

1 file changed

+5
-6
lines changed

fs/exec.c

Lines changed: 5 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -1354,10 +1354,12 @@ void setup_new_exec(struct linux_binprm * bprm)
13541354

13551355
current->sas_ss_sp = current->sas_ss_size = 0;
13561356

1357-
if (!bprm->secureexec)
1358-
set_dumpable(current->mm, SUID_DUMP_USER);
1359-
else
1357+
/* Figure out dumpability. */
1358+
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP ||
1359+
bprm->secureexec)
13601360
set_dumpable(current->mm, suid_dumpable);
1361+
else
1362+
set_dumpable(current->mm, SUID_DUMP_USER);
13611363

13621364
arch_setup_new_exec();
13631365
perf_event_exec();
@@ -1371,9 +1373,6 @@ void setup_new_exec(struct linux_binprm * bprm)
13711373

13721374
if (bprm->secureexec) {
13731375
current->pdeath_signal = 0;
1374-
} else {
1375-
if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
1376-
set_dumpable(current->mm, suid_dumpable);
13771376
}
13781377

13791378
/* An exec changes our domain. We are no longer part of the thread

0 commit comments

Comments
 (0)