diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2020-07-12 15:17:50 +0300 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2020-07-21 16:24:52 +0300 |
| commit | 0c9cdff054aec0836bb38a449e860793849c3f84 (patch) | |
| tree | 51f745662feaf6791b8f257e526ef83bbcc9f644 /include/linux/binfmts.h | |
| parent | f18ac551e5035a52fd8edadc45e0f8eb4cec8d3e (diff) | |
| download | linux-0c9cdff054aec0836bb38a449e860793849c3f84.tar.xz | |
exec: Factor bprm_execve out of do_execve_common
Currently it is necessary for the usermode helper code and the code
that launches init to use set_fs so that pages coming from the kernel
look like they are coming from userspace.
To allow that usage of set_fs to be removed cleanly the argument
copying from userspace needs to happen earlier. Factor bprm_execve
out of do_execve_common to separate out the copying of arguments
to the newe stack, and the rest of exec.
In separating bprm_execve from do_execve_common the copying
of the arguments onto the new stack happens earlier.
As the copying of the arguments does not depend any security hooks,
files, the file table, current->in_execve, current->fs->in_exec,
bprm->unsafe, or creds this is safe.
Likewise the security hook security_creds_for_exec does not depend upon
preventing the argument copying from happening.
In addition to making it possible to implement kernel_execve that
performs the copying differently, this separation of bprm_execve from
do_execve_common makes for a nice separation of responsibilities making
the exec code easier to navigate.
Reviewed-by: Kees Cook <keescook@chromium.org>
Reviewed-by: Christoph Hellwig <hch@lst.de>
Link: https://lkml.kernel.org/r/878sfm6x6x.fsf@x220.int.ebiederm.org
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Diffstat (limited to 'include/linux/binfmts.h')
0 files changed, 0 insertions, 0 deletions