Google Git
Sign in
kernel / pub / scm / linux / kernel / git / kees / linux / secureexec-v4.14-rc1
tag7dc8ac0c608091b5f2990cc223aa6929bd64e07e
taggerKees Cook <keescook@chromium.org>Tue Sep 05 13:03:52 2017 -0700
objectfe8993b3a05cbba6318a54e0f85901aaea6fc244 
This series has the ultimate goal of providing a sane stack rlimit when
running set*id processes. To do this, the bprm_secureexec LSM hook is
collapsed into the bprm_set_creds hook so the secureexec-ness of an exec
can be determined early enough to make decisions about rlimits and the
resulting memory layouts. Other logic acting on the secureexec-ness of an
exec is similarly consolidated. Capabilities needed some special handling,
but the refactoring removed other special handling, so that was a wash.
commitfe8993b3a05cbba6318a54e0f85901aaea6fc244[log] [tgz]
authorKees Cook <keescook@chromium.org>Tue Jul 18 15:25:36 2017 -0700
committerKees Cook <keescook@chromium.org>Tue Aug 01 12:03:14 2017 -0700
tree34631e3a10ab98444573ce343c170d26a6211a04
parent64701dee4178eb4a771b8b36cd86560f5b0e2460 [diff]
exec: Consolidate pdeath_signal clearing

Instead of an additional secureexec check for pdeath_signal, just move it
up into the initial secureexec test. Neither perf nor arch code touches
pdeath_signal, so the relocation shouldn't change anything.

Signed-off-by: Kees Cook <keescook@chromium.org>
Acked-by: Serge Hallyn <serge@hallyn.com>
1 file changed
tree: 34631e3a10ab98444573ce343c170d26a6211a04
  1. arch/
  2. block/
  3. certs/
  4. crypto/
  5. Documentation/
  6. drivers/
  7. firmware/
  8. fs/
  9. include/
  10. init/
  11. ipc/
  12. kernel/
  13. lib/
  14. mm/
  15. net/
  16. samples/
  17. scripts/
  18. security/
  19. sound/
  20. tools/
  21. usr/
  22. virt/
  23. .cocciconfig
  24. .get_maintainer.ignore
  25. .gitattributes
  26. .gitignore
  27. .mailmap
  28. COPYING
  29. CREDITS
  30. Kbuild
  31. Kconfig
  32. MAINTAINERS
  33. Makefile
  34. README