As discussed with Linus and Andy, we need to reset the stack rlimit before we do memory layouts when execing a privilege-gaining (e.g. setuid) program. This moves security_bprm_secureexec() earlier (with required changes), and then lowers the stack limit when appropriate. As a side-effect, dumpability and pdeath_signal clearing is expanded to cover LSM definitions of secureexec (and Smack can drop its special handler for pdeath_signal clearing). I'd appreciate some extra eyes on this to make sure this isn't broken in some special way. I couldn't find anything that _depended_ on security_bprm_secureexec() being called late. Thanks! -Kees v2: - fix missed current_security() uses in LSMs. - research/consolidate dumpability setting logic - research/consolidate pdeath_signal clearing logic - split up logical steps a little more for easier review (and bisection) - fix some old broken comments
