author: Kees Cook <keescook@chromium.org> 2017-07-19 01:25:28 +0300
committer: Kees Cook <keescook@chromium.org> 2017-08-01 22:03:09 +0300
commit: ee67ae7ef6ff499137292ac8a9dfe86096796283
tree: 6a23c8212426db697546ead1019325504f53114c /include/linux/binfmts.h
parent: 46d98eb4e1d2bc225f661879e0e157a952107598
commoncap: Move cap_elevated calculation into bprm_set_creds

Instead of a separate function, open-code the cap_elevated test, which lets us entirely remove bprm->cap_effective (to use the local "effective" variable instead), and more accurately examine euid/egid changes via the existing local "is_setid".

The following LTP tests were run to validate the changes:

    # ./runltp -f syscalls -s cap
    # ./runltp -f securebits
    # ./runltp -f cap_bounds
    # ./runltp -f filecaps

All kernel selftests for capabilities and exec continue to pass as well.

Signed-off-by: Kees Cook <keescook@chromium.org>
Reviewed-by: James Morris <james.l.morris@oracle.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Andy Lutomirski <luto@kernel.org>

Diffstat (limited to 'include/linux/binfmts.h')
-rw-r--r-- include/linux/binfmts.h 3
1 files changed, 0 insertions, 3 deletions
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 213c61fa3780..fb44d6180ca0 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -31,9 +31,6 @@ struct linux_binprm {
* binfmt_script/misc).
*/
called_set_creds:1,
- cap_effective:1,/* true if has elevated effective capabilities,
- * false if not; except for init which inherits
- * its parent's caps anyway */
/*
* True if most recent call to the commoncaps bprm_set_creds
* hook (due to multiple prepare_binprm() calls from the
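
Review bot: the deleted `cap_effective:1` line carried the only note about the init exception ("except for init which inherits its parent's caps anyway"), and that caveat leaves the header together with the field. Since the commit message says the test is now open-coded in bprm_set_creds using the local "effective" variable, carry the init note over to a comment at that test so the exception stays documented where the decision is made. This view is limited to include/linux/binfmts.h, so also confirm that no other reference to bprm->cap_effective remains in the tree, because any leftover user will fail to build once the bitfield is gone.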