diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-21 05:38:09 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-08-21 05:38:09 +0000 |
commit | bb26c5b2b89d932f617fa415a715b2bb259a42bc (patch) | |
tree | 58c44da24c7a1fb78dda1c0b698510c6f8640981 /fs/exec.c | |
parent | Adding upstream version 6.10.4. (diff) | |
download | linux-bb26c5b2b89d932f617fa415a715b2bb259a42bc.tar.xz linux-bb26c5b2b89d932f617fa415a715b2bb259a42bc.zip |
Adding upstream version 6.10.6.upstream/6.10.6upstream
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'fs/exec.c')
-rw-r--r-- | fs/exec.c | 8 |
1 files changed, 7 insertions, 1 deletions
@@ -1668,6 +1668,7 @@ static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file) unsigned int mode; vfsuid_t vfsuid; vfsgid_t vfsgid; + int err; if (!mnt_may_suid(file->f_path.mnt)) return; @@ -1684,12 +1685,17 @@ static void bprm_fill_uid(struct linux_binprm *bprm, struct file *file) /* Be careful if suid/sgid is set */ inode_lock(inode); - /* reload atomically mode/uid/gid now that lock held */ + /* Atomically reload and check mode/uid/gid now that lock held. */ mode = inode->i_mode; vfsuid = i_uid_into_vfsuid(idmap, inode); vfsgid = i_gid_into_vfsgid(idmap, inode); + err = inode_permission(idmap, inode, MAY_EXEC); inode_unlock(inode); + /* Did the exec bit vanish out from under us? Give up. */ + if (err) + return; + /* We ignore suid/sgid if there are no mappings for them in the ns */ if (!vfsuid_has_mapping(bprm->cred->user_ns, vfsuid) || !vfsgid_has_mapping(bprm->cred->user_ns, vfsgid)) |