Re: [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Kees Cook <keescook@xxxxxxxxxxxx>
Subject: Re: [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
From: James Morris <jmorris@xxxxxxxxx>
Date: Wed, 20 May 2020 07:28:31 +1000 (AEST)
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, Linus Torvalds <torvalds@xxxxxxxxxxxxxxxxxxxx>, Oleg Nesterov <oleg@xxxxxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Greg Ungerer <gerg@xxxxxxxxxxxxxx>, Rob Landley <rob@xxxxxxxxxxx>, Bernd Edlinger <bernd.edlinger@xxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Alexey Dobriyan <adobriyan@xxxxxxxxx>, Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>, Casey Schaufler <casey@xxxxxxxxxxxxxxxx>, linux-security-module@xxxxxxxxxxxxxxx, "Serge E. Hallyn" <serge@xxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxxxxxx>
In-reply-to: <202005191108.7A6E97831@keescook>
User-agent: Alpine 2.21 (LRH 202 2017-01-01)

On Tue, 19 May 2020, Kees Cook wrote:

> >  	/* SELinux context only depends on initial program or script and not
> >  	 * the script interpreter */
> > -	if (bprm->called_set_creds)
> > -		return 0;
> >  
> >  	old_tsec = selinux_cred(current_cred());
> >  	new_tsec = selinux_cred(bprm->cred);
> 
> As you've done in the other LSMs, I think this comment can be removed
> (or moved to the top of the function) too.

I'd prefer moved to top of the function.

-- 
James Morris
<jmorris@xxxxxxxxx>

References:
- exec: Promised cleanups after introducing exec_update_mutex
  - From: Eric W. Biederman
- [PATCH 0/6] exec: Trivial cleanups for exec
  - From: Eric W. Biederman
- [PATCH 0/5] exec: Control flow simplifications
  - From: Eric W. Biederman
- [PATCH v2 0/8] exec: Control flow simplifications
  - From: Eric W. Biederman
- [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
  - From: Eric W. Biederman
- Re: [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
  - From: Kees Cook

Prev by Date: Re: [PATCH 0/4] Relocate execve() sanity checks
Next by Date: Re: [PATCH v2 5/8] exec: Move the call of prepare_binprm into search_binary_handler
Previous by thread: Re: [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
Next by thread: [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]