consolidate BINPRM_FLAGS_ENFORCE_NONDUMP handling
authorAl Viro <viro@zeniv.linux.org.uk>
Sun, 19 Jun 2011 16:49:47 +0000 (12:49 -0400)
committerAl Viro <viro@zeniv.linux.org.uk>
Wed, 20 Jul 2011 05:43:10 +0000 (01:43 -0400)
new helper: would_dump(bprm, file).  Checks if we are allowed to
read the file and, if we are not, sets ENFORCE_NONDUMP.  Exported,
used in places that previously open-coded the same logic.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/binfmt_elf.c
fs/binfmt_elf_fdpic.c
fs/binfmt_misc.c
fs/exec.c
include/linux/binfmts.h

index 303983fabfd63391f3961a58be352303b7af0064..dd0fdfc56d38c4753091ff44da049158048a8b6d 100644 (file)
@@ -668,8 +668,7 @@ static int load_elf_binary(struct linux_binprm *bprm, struct pt_regs *regs)
                         * mm->dumpable = 0 regardless of the interpreter's
                         * permissions.
                         */
-                       if (file_permission(interpreter, MAY_READ) < 0)
-                               bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+                       would_dump(bprm, interpreter);
 
                        retval = kernel_read(interpreter, 0, bprm->buf,
                                             BINPRM_BUF_SIZE);
index 2bc5dc644b4cb82c21300a925276a861644de5bd..30745f459fafb97175206b396ab23cf3c5e3246a 100644 (file)
@@ -245,8 +245,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm,
                         * mm->dumpable = 0 regardless of the interpreter's
                         * permissions.
                         */
-                       if (file_permission(interpreter, MAY_READ) < 0)
-                               bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+                       would_dump(bprm, interpreter);
 
                        retval = kernel_read(interpreter, 0, bprm->buf,
                                             BINPRM_BUF_SIZE);
index 1befe2ec8186768a7b7baebc4a4c4d20418cfc14..ba1a1ae4a18a52c714ae82281e3c1f39fbfae02a 100644 (file)
@@ -149,8 +149,7 @@ static int load_misc_binary(struct linux_binprm *bprm, struct pt_regs *regs)
 
                /* if the binary is not readable than enforce mm->dumpable=0
                   regardless of the interpreter's permissions */
-               if (file_permission(bprm->file, MAY_READ))
-                       bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+               would_dump(bprm, bprm->file);
 
                allow_write_access(bprm->file);
                bprm->file = NULL;
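Review bot: The removed test at this call site was `if (file_permission(bprm->file, MAY_READ))`, which treats any non-zero return as unreadable, while the new would_dump() in fs/exec.c tests `< 0`; the `else if` removed in the setup_new_exec hunk had the same non-zero form. The two agree only as long as inode_permission() returns 0 or a negative errno, so the helper deserves a one-line comment stating that assumption, e.g. `/* inode_permission() returns 0 or -errno; any failure means "not readable" */`. The context comment above the call could also read "not readable then enforce". load_misc_binary's body continues outside the hunk.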
index 6075a1e727aee13dd3cd492b61d55edd81ee258e..f9f12ad299afe4a867b6ce90563130a71a0a1cf7 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1105,6 +1105,13 @@ out:
 }
 EXPORT_SYMBOL(flush_old_exec);
 
+void would_dump(struct linux_binprm *bprm, struct file *file)
+{
+       if (inode_permission(file->f_path.dentry->d_inode, MAY_READ) < 0)
+               bprm->interp_flags |= BINPRM_FLAGS_ENFORCE_NONDUMP;
+}
+EXPORT_SYMBOL(would_dump);
+
 void setup_new_exec(struct linux_binprm * bprm)
 {
        int i, ch;
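Review bot: would_dump() is exported with no comment, and its name reads like a predicate although it returns void and only ORs BINPRM_FLAGS_ENFORCE_NONDUMP into bprm->interp_flags. A kernel-doc block above it should say that it checks MAY_READ on the file's inode for the current task, that it only ever sets the flag and never clears it, and that the flag changes the dumpable state only where setup_new_exec() tests it. Judging by the visible hunks, this check is what keeps an unreadable binary or interpreter from being recovered through a dump, so a binfmt module using the exported symbol needs to know the call has to come before setup_new_exec() to have any effect.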
@@ -1144,9 +1151,10 @@ void setup_new_exec(struct linux_binprm * bprm)
        if (bprm->cred->uid != current_euid() ||
            bprm->cred->gid != current_egid()) {
                current->pdeath_signal = 0;
-       } else if (file_permission(bprm->file, MAY_READ) ||
-                  bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP) {
-               set_dumpable(current->mm, suid_dumpable);
+       } else {
+               would_dump(bprm, bprm->file);
+               if (bprm->interp_flags & BINPRM_FLAGS_ENFORCE_NONDUMP)
+                       set_dumpable(current->mm, suid_dumpable);
        }
 
        /*
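Review bot: The new else branch writes BINPRM_FLAGS_ENFORCE_NONDUMP into bprm->interp_flags as a side effect, where the removed `else if` only read the flag and left bprm untouched. The resulting set_dumpable() call is the same, but any code that inspects interp_flags after setup_new_exec() will now see the bit set for an unreadable bprm->file; a short comment above the call, such as `/* records an unreadable bprm->file in interp_flags */`, would mark that as intentional. would_dump() is also reached only when uid and gid match, so the mismatched branch presumably relies on code outside this hunk for its dumpable state. The function body continues outside the hunk.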
index 8845613fd7e3de94385645c2177a666b642b5c7e..fd88a3945aa149af16b2671d656fede2e46fafe2 100644 (file)
@@ -111,6 +111,7 @@ extern int __must_check remove_arg_zero(struct linux_binprm *);
 extern int search_binary_handler(struct linux_binprm *, struct pt_regs *);
 extern int flush_old_exec(struct linux_binprm * bprm);
 extern void setup_new_exec(struct linux_binprm * bprm);
+extern void would_dump(struct linux_binprm *, struct file *);
 
 extern int suid_dumpable;
 #define SUID_DUMP_DISABLE      0       /* No setuid dumping */