|
@@ -1291,8 +1291,11 @@ int prepare_binprm(struct linux_binprm *bprm)
|
|
|
if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
|
|
if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
|
|
|
/* Set-uid? */
|
|
/* Set-uid? */
|
|
|
if (mode & S_ISUID) {
|
|
if (mode & S_ISUID) {
|
|
|
|
|
+ if (!kuid_has_mapping(bprm->cred->user_ns, inode->i_uid))
|
|
|
|
|
+ return -EPERM;
|
|
|
bprm->per_clear |= PER_CLEAR_ON_SETID;
|
|
bprm->per_clear |= PER_CLEAR_ON_SETID;
|
|
|
bprm->cred->euid = inode->i_uid;
|
|
bprm->cred->euid = inode->i_uid;
|
|
|
|
|
+
|
|
|
}
|
|
}
|
|
|
|
|
|
|
|
/* Set-gid? */
|
|
/* Set-gid? */
|
|
@@ -1302,6 +1305,8 @@ int prepare_binprm(struct linux_binprm *bprm)
|
|
|
* executable.
|
|
* executable.
|
|
|
*/
|
|
*/
|
|
|
if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
|
|
if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
|
|
|
|
|
+ if (!kgid_has_mapping(bprm->cred->user_ns, inode->i_gid))
|
|
|
|
|
+ return -EPERM;
|
|
|
bprm->per_clear |= PER_CLEAR_ON_SETID;
|
|
bprm->per_clear |= PER_CLEAR_ON_SETID;
|
|
|
bprm->cred->egid = inode->i_gid;
|
|
bprm->cred->egid = inode->i_gid;
|
|
|
}
|
|
}
|
Eric W. Biederman