exec: clarify reasoning for euid/egid reset

[cascardo/linux.git] / fs / exec.c

diff --git a/fs/exec.c b/fs/exec.c
index dcd4ac7..a98b21d 100644 (file)
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -56,6 +56,7 @@
 #include <linux/pipe_fs_i.h>
 #include <linux/oom.h>
 #include <linux/compat.h>
+#include <linux/vmalloc.h>
 
 #include <asm/uaccess.h>
 #include <asm/mmu_context.h>
@@ -198,8 +199,12 @@ static struct page *get_arg_page(struct linux_binprm *bprm, unsigned long pos,
                        return NULL;
        }
 #endif
-       ret = get_user_pages(current, bprm->mm, pos,
-                       1, write, 1, &page, NULL);
+       /*
+        * We are doing an exec().  'current' is the process
+        * doing the exec and bprm->mm is the new process's mm.
+        */
+       ret = get_user_pages_remote(current, bprm->mm, pos, 1, write,
+                       1, &page, NULL);
        if (ret <= 0)
                return NULL;
 
@@ -831,6 +836,97 @@ int kernel_read(struct file *file, loff_t offset,
 
 EXPORT_SYMBOL(kernel_read);
 
+int kernel_read_file(struct file *file, void **buf, loff_t *size,
+                    loff_t max_size, enum kernel_read_file_id id)
+{
+       loff_t i_size, pos;
+       ssize_t bytes = 0;
+       int ret;
+
+       if (!S_ISREG(file_inode(file)->i_mode) || max_size < 0)
+               return -EINVAL;
+
+       ret = security_kernel_read_file(file, id);
+       if (ret)
+               return ret;
+
+       i_size = i_size_read(file_inode(file));
+       if (max_size > 0 && i_size > max_size)
+               return -EFBIG;
+       if (i_size <= 0)
+               return -EINVAL;
+
+       *buf = vmalloc(i_size);
+       if (!*buf)
+               return -ENOMEM;
+
+       pos = 0;
+       while (pos < i_size) {
+               bytes = kernel_read(file, pos, (char *)(*buf) + pos,
+                                   i_size - pos);
+               if (bytes < 0) {
+                       ret = bytes;
+                       goto out;
+               }
+
+               if (bytes == 0)
+                       break;
+               pos += bytes;
+       }
+
+       if (pos != i_size) {
+               ret = -EIO;
+               goto out;
+       }
+
+       ret = security_kernel_post_read_file(file, *buf, i_size, id);
+       if (!ret)
+               *size = pos;
+
+out:
+       if (ret < 0) {
+               vfree(*buf);
+               *buf = NULL;
+       }
+       return ret;
+}
+EXPORT_SYMBOL_GPL(kernel_read_file);
+
+int kernel_read_file_from_path(char *path, void **buf, loff_t *size,
+                              loff_t max_size, enum kernel_read_file_id id)
+{
+       struct file *file;
+       int ret;
+
+       if (!path || !*path)
+               return -EINVAL;
+
+       file = filp_open(path, O_RDONLY, 0);
+       if (IS_ERR(file))
+               return PTR_ERR(file);
+
+       ret = kernel_read_file(file, buf, size, max_size, id);
+       fput(file);
+       return ret;
+}
+EXPORT_SYMBOL_GPL(kernel_read_file_from_path);
+
+int kernel_read_file_from_fd(int fd, void **buf, loff_t *size, loff_t max_size,
+                            enum kernel_read_file_id id)
+{
+       struct fd f = fdget(fd);
+       int ret = -EBADF;
+
+       if (!f.file)
+               goto out;
+
+       ret = kernel_read_file(f.file, buf, size, max_size, id);
+out:
+       fdput(f);
+       return ret;
+}
+EXPORT_SYMBOL_GPL(kernel_read_file_from_fd);
+
 ssize_t read_code(struct file *file, unsigned long addr, loff_t pos, size_t len)
 {
        ssize_t res = vfs_read(file, (void __user *)addr, len, &pos);
@@ -1291,7 +1387,12 @@ static void bprm_fill_uid(struct linux_binprm *bprm)
        kuid_t uid;
        kgid_t gid;
 
-       /* clear any previous set[ug]id data from a previous binary */
+       /*
+        * Since this can be called multiple times (via prepare_binprm),
+        * we must clear any previous work done when setting set[ug]id
+        * bits from any earlier bprm->file uses (for example when run
+        * first for a setuid script then again for its interpreter).
+        */
        bprm->cred->euid = current_euid();
        bprm->cred->egid = current_egid();