From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752629AbdIEULJ (ORCPT ); Tue, 5 Sep 2017 16:11:09 -0400 Received: from mail-pg0-f48.google.com ([74.125.83.48]:36081 "EHLO mail-pg0-f48.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751413AbdIEULI (ORCPT ); Tue, 5 Sep 2017 16:11:08 -0400 X-Google-Smtp-Source: ADKCNb4ma/7bEEUDGM0ddhF2dMcrBCXkF0IuH54lzvoruBv+p6X+M3x5dXijjfGlAWTUU0iQeBSItg== Date: Tue, 5 Sep 2017 13:11:06 -0700 From: Kees Cook To: Linus Torvalds Cc: linux-kernel@vger.kernel.org, Andy Lutomirski , Casey Schaufler , "Eric W. Biederman" , James Morris , John Johansen , Kees Cook , Paul Moore , Serge Hallyn Subject: [GIT PULL] secureexec update for v4.14-rc1 Message-ID: <20170905201106.GA72566@beast> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi, Please pull these secureexec changes for v4.14-rc1. Notes on the series below. Thanks! -Kees The following changes since commit 520eccdfe187591a51ea9ab4c1a024ae4d0f68d9: Linux 4.13-rc2 (2017-07-23 16:15:17 -0700) are available in the git repository at: git://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/secureexec-v4.14-rc1 for you to fetch changes up to fe8993b3a05cbba6318a54e0f85901aaea6fc244: exec: Consolidate pdeath_signal clearing (2017-08-01 12:03:14 -0700) ---------------------------------------------------------------- This series has the ultimate goal of providing a sane stack rlimit when running set*id processes. To do this, the bprm_secureexec LSM hook is collapsed into the bprm_set_creds hook so the secureexec-ness of an exec can be determined early enough to make decisions about rlimits and the resulting memory layouts. Other logic acting on the secureexec-ness of an exec is similarly consolidated. Capabilities needed some special handling, but the refactoring removed other special handling, so that was a wash. ---------------------------------------------------------------- Kees Cook (15): exec: Rename bprm->cred_prepared to called_set_creds exec: Correct comments about "point of no return" binfmt: Introduce secureexec flag apparmor: Refactor to remove bprm_secureexec hook selinux: Refactor to remove bprm_secureexec hook smack: Refactor to remove bprm_secureexec hook commoncap: Refactor to remove bprm_secureexec hook commoncap: Move cap_elevated calculation into bprm_set_creds LSM: drop bprm_secureexec hook exec: Use secureexec for setting dumpability exec: Use secureexec for clearing pdeath_signal smack: Remove redundant pdeath_signal clearing exec: Consolidate dumpability logic exec: Use sane stack rlimit under secureexec exec: Consolidate pdeath_signal clearing fs/binfmt_elf.c | 2 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_flat.c | 2 +- fs/exec.c | 56 ++++++++++++++++++++++++++++---------- include/linux/binfmts.h | 24 ++++++++++++---- include/linux/lsm_hooks.h | 14 ++++------ include/linux/security.h | 7 ----- security/apparmor/domain.c | 21 ++------------ security/apparmor/include/domain.h | 1 - security/apparmor/include/file.h | 3 -- security/apparmor/lsm.c | 1 - security/commoncap.c | 50 ++++++++-------------------------- security/security.c | 5 ---- security/selinux/hooks.c | 26 ++++-------------- security/smack/smack_lsm.c | 34 ++--------------------- security/tomoyo/tomoyo.c | 2 +- 16 files changed, 91 insertions(+), 159 deletions(-) -- Kees Cook Pixel Security