[patch][selinux] Fix clearing of new personality bit on securitytransitions

[Stephen Smalley]

This patch against 2.6.8-rc2-bk6 moves the clearing of the new
personality bit from selinux_bprm_apply_creds (called from
compute_creds) to selinux_bprm_set_security (called from
prepare_binprm).  This ensures that the bit is cleared at the same point
in exec processing as for setuid/setgid binaries, prior to setting up
the new image.  Please apply.

Signed-off-by:  Stephen Smalley <sds@xxxxxxxxxxxxxx>

 security/selinux/hooks.c |    6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

--- linux-2.6.7/security/selinux/hooks.c.orig	2004-07-27 11:42:12.347833384 -0400
+++ linux-2.6.7/security/selinux/hooks.c	2004-07-27 11:43:12.748651064 -0400
@@ -1685,6 +1685,9 @@ static int selinux_bprm_set_security(str
 		if (rc)
 			return rc;
 
+		/* Clear any possibly unsafe personality bits on exec: */
+		current->personality &= ~PER_CLEAR_ON_SETID;
+
 		/* Set the security field to the new SID. */
 		bsec->sid = newsid;
 	}
@@ -1895,9 +1898,6 @@ static void selinux_bprm_apply_creds(str
 			task_unlock(current);
 		}
 
-		/* Clear any possibly unsafe personality bits on exec: */
-		current->personality &= ~PER_CLEAR_ON_SETID;
-
 		/* Close files for which the new task SID is not authorized. */
 		flush_unauthorized_files(current->files);
 

 
-- 
Stephen Smalley <sds@xxxxxxxxxxxxxx>
National Security Agency

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/