From 33d29e7a8983d364f8a9bf7ac217abf9d3758d21 Mon Sep 17 00:00:00 2001
From: "Eric W. Biederman" <ebiederm@xmission.com>
Date: Wed, 16 Nov 2011 23:37:59 -0800
Subject: [PATCH] --- yaml --- r: 306007 b: refs/heads/master c:
 9e4a36ece652908276bc4abb4324ec56292453e1 h: refs/heads/master i:   306005:
 bddba6014241e7bd4bba91e40b2707202d17fd50   306003:
 39fb951e54729aa22c0966af1096981c33d1160d   305999:
 d2e1bb2e626de86866ce7f6cf48e029a2c00999a v: v3

---
 [refs]          | 2 +-
 trunk/fs/exec.c | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/[refs] b/[refs]
index cc64f0b34218..e8786ec5be61 100644
--- a/[refs]
+++ b/[refs]
@@ -1,2 +1,2 @@
 ---
-refs/heads/master: a7c1938e22c02b008655524c766d185ae99d9d53
+refs/heads/master: 9e4a36ece652908276bc4abb4324ec56292453e1
diff --git a/trunk/fs/exec.c b/trunk/fs/exec.c
index 00ae2ef100d8..e001bdfac530 100644
--- a/trunk/fs/exec.c
+++ b/trunk/fs/exec.c
@@ -1291,8 +1291,11 @@ int prepare_binprm(struct linux_binprm *bprm)
 	if (!(bprm->file->f_path.mnt->mnt_flags & MNT_NOSUID)) {
 		/* Set-uid? */
 		if (mode & S_ISUID) {
+			if (!kuid_has_mapping(bprm->cred->user_ns, inode->i_uid))
+				return -EPERM;
 			bprm->per_clear |= PER_CLEAR_ON_SETID;
 			bprm->cred->euid = inode->i_uid;
+
 		}
 
 		/* Set-gid? */
@@ -1302,6 +1305,8 @@ int prepare_binprm(struct linux_binprm *bprm)
 		 * executable.
 		 */
 		if ((mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {
+			if (!kgid_has_mapping(bprm->cred->user_ns, inode->i_gid))
+				return -EPERM;
 			bprm->per_clear |= PER_CLEAR_ON_SETID;
 			bprm->cred->egid = inode->i_gid;
 		}