Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs
[platform/adaptation/renesas_rcar/renesas_kernel.git] / kernel / sys.c
index e7006eb..b82568b 100644 (file)
@@ -1979,6 +1979,16 @@ SYSCALL_DEFINE5(prctl, int, option, unsigned long, arg2, unsigned long, arg3,
                        error = put_user(me->signal->is_child_subreaper,
                                         (int __user *) arg2);
                        break;
+               case PR_SET_NO_NEW_PRIVS:
+                       if (arg2 != 1 || arg3 || arg4 || arg5)
+                               return -EINVAL;
+
+                       current->no_new_privs = 1;
+                       break;
+               case PR_GET_NO_NEW_PRIVS:
+                       if (arg2 || arg3 || arg4 || arg5)
+                               return -EINVAL;
+                       return current->no_new_privs ? 1 : 0;
                default:
                        error = -EINVAL;
                        break;
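Review bot: The two new cases carry no comment, although the contract they encode is security-relevant: `PR_SET_NO_NEW_PRIVS` accepts only `arg2 == 1`, so the flag can be set here but never cleared, and the unused arguments must be zero. I would state that above the first case, e.g. `/* One-way: no_new_privs can only be set, never cleared; unused args must be 0 so they can be given meaning later. */`. `PR_GET_NO_NEW_PRIVS` reports the value as the syscall return code rather than through `put_user()` as the `is_child_subreaper` case just above does, which is worth a short comment for callers who expect the pointer form. On style, the added lines use `current->no_new_privs` while the context line above uses `me->signal`; using `me` would match, assuming `me` is the current task, since its definition and the rest of the switch lie outside the hunk.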