linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
* [GIT PULL] secureexec update for v4.14-rc1
@ 2017-09-05 20:11 Kees Cook
  0 siblings, 0 replies; only message in thread
From: Kees Cook @ 2017-09-05 20:11 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Andy Lutomirski, Casey Schaufler,
	Eric W. Biederman, James Morris, John Johansen, Kees Cook,
	Paul Moore, Serge Hallyn

Hi,

Please pull these secureexec changes for v4.14-rc1. Notes on the series
below.

Thanks!

-Kees

The following changes since commit 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9:

  Linux 4.13-rc2 (2017-07-23 16:15:17 -0700)

are available in the git repository at:

  git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/secureexec-v4.14-rc1

for you to fetch changes up to fe8993b3a05cbba6318a54e0f85901aaea6fc244:

  exec: Consolidate pdeath_signal clearing (2017-08-01 12:03:14 -0700)

----------------------------------------------------------------
This series has the ultimate goal of providing a sane stack rlimit when
running set*id processes. To do this, the bprm_secureexec LSM hook is
collapsed into the bprm_set_creds hook so the secureexec-ness of an exec
can be determined early enough to make decisions about rlimits and the
resulting memory layouts. Other logic acting on the secureexec-ness of an
exec is similarly consolidated. Capabilities needed some special handling,
but the refactoring removed other special handling, so that was a wash.

----------------------------------------------------------------
Kees Cook (15):
      exec: Rename bprm->cred_prepared to called_set_creds
      exec: Correct comments about "point of no return"
      binfmt: Introduce secureexec flag
      apparmor: Refactor to remove bprm_secureexec hook
      selinux: Refactor to remove bprm_secureexec hook
      smack: Refactor to remove bprm_secureexec hook
      commoncap: Refactor to remove bprm_secureexec hook
      commoncap: Move cap_elevated calculation into bprm_set_creds
      LSM: drop bprm_secureexec hook
      exec: Use secureexec for setting dumpability
      exec: Use secureexec for clearing pdeath_signal
      smack: Remove redundant pdeath_signal clearing
      exec: Consolidate dumpability logic
      exec: Use sane stack rlimit under secureexec
      exec: Consolidate pdeath_signal clearing

 fs/binfmt_elf.c                    |  2 +-
 fs/binfmt_elf_fdpic.c              |  2 +-
 fs/binfmt_flat.c                   |  2 +-
 fs/exec.c                          | 56 ++++++++++++++++++++++++++++----------
 include/linux/binfmts.h            | 24 ++++++++++++----
 include/linux/lsm_hooks.h          | 14 ++++------
 include/linux/security.h           |  7 -----
 security/apparmor/domain.c         | 21 ++------------
 security/apparmor/include/domain.h |  1 -
 security/apparmor/include/file.h   |  3 --
 security/apparmor/lsm.c            |  1 -
 security/commoncap.c               | 50 ++++++++--------------------------
 security/security.c                |  5 ----
 security/selinux/hooks.c           | 26 ++++--------------
 security/smack/smack_lsm.c         | 34 ++---------------------
 security/tomoyo/tomoyo.c           |  2 +-
 16 files changed, 91 insertions(+), 159 deletions(-)

-- 
Kees Cook
Pixel Security

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2017-09-05 20:11 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2017-09-05 20:11 [GIT PULL] secureexec update for v4.14-rc1 Kees Cook

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).