e426b64c41
Joe Malicki reports that setuid sometimes doesn't: very rarely, a setuid root program does not get root euid; and, by the way, they have a health check running lsof every few minutes. Right, check_unsafe_exec() notes whether the files_struct is being shared by more threads than will get killed by the exec, and if so sets LSM_UNSAFE_SHARE to make bprm_set_creds() careful about euid. But /proc/<pid>/fd and /proc/<pid>/fdinfo lookups make transient use of get_files_struct(), which also raises that sharing count. There's a rather simple fix for this: exec's check on files->count has been redundant ever since 2.6.1 made it unshare_files() (except while compat_do_execve() omitted to do so) - just remove that check. [Note to -stable: this patch will not apply before 2.6.29: earlier releases should just remove the files->count line from unsafe_exec().] Reported-by: Joe Malicki <jmalicki@metacarta.com> Narrowed-down-by: Michael Itz <mitz@metacarta.com> Tested-by: Joe Malicki <jmalicki@metacarta.com> Signed-off-by: Hugh Dickins <hugh@veritas.com> Cc: stable@kernel.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
62 lines
1.5 KiB
C
62 lines
1.5 KiB
C
/* fs/ internal definitions
|
|
*
|
|
* Copyright (C) 2006 Red Hat, Inc. All Rights Reserved.
|
|
* Written by David Howells (dhowells@redhat.com)
|
|
*
|
|
* This program is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU General Public License
|
|
* as published by the Free Software Foundation; either version
|
|
* 2 of the License, or (at your option) any later version.
|
|
*/
|
|
|
|
struct super_block;
|
|
struct linux_binprm;
|
|
|
|
/*
|
|
* block_dev.c
|
|
*/
|
|
#ifdef CONFIG_BLOCK
|
|
extern struct super_block *blockdev_superblock;
|
|
extern void __init bdev_cache_init(void);
|
|
|
|
static inline int sb_is_blkdev_sb(struct super_block *sb)
|
|
{
|
|
return sb == blockdev_superblock;
|
|
}
|
|
|
|
#else
|
|
static inline void bdev_cache_init(void)
|
|
{
|
|
}
|
|
|
|
static inline int sb_is_blkdev_sb(struct super_block *sb)
|
|
{
|
|
return 0;
|
|
}
|
|
#endif
|
|
|
|
/*
|
|
* char_dev.c
|
|
*/
|
|
extern void __init chrdev_init(void);
|
|
|
|
/*
|
|
* exec.c
|
|
*/
|
|
extern void check_unsafe_exec(struct linux_binprm *);
|
|
|
|
/*
|
|
* namespace.c
|
|
*/
|
|
extern int copy_mount_options(const void __user *, unsigned long *);
|
|
|
|
extern void free_vfsmnt(struct vfsmount *);
|
|
extern struct vfsmount *alloc_vfsmnt(const char *);
|
|
extern struct vfsmount *__lookup_mnt(struct vfsmount *, struct dentry *, int);
|
|
extern void mnt_set_mountpoint(struct vfsmount *, struct dentry *,
|
|
struct vfsmount *);
|
|
extern void release_mounts(struct list_head *);
|
|
extern void umount_tree(struct vfsmount *, int, struct list_head *);
|
|
extern struct vfsmount *copy_tree(struct vfsmount *, struct dentry *, int);
|
|
|
|
extern void __init mnt_init(void);
|