From: Linus Torvalds <torvalds@linux-foundation.org>
To: Rob Landley <rob@landley.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>,
Kees Cook <keescook@chromium.org>,
Tetsuo Handa <penguin-kernel@i-love.sakura.ne.jp>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Oleg Nesterov <oleg@redhat.com>, Jann Horn <jannh@google.com>,
Greg Ungerer <gerg@linux-m68k.org>,
Bernd Edlinger <bernd.edlinger@hotmail.de>,
linux-fsdevel <linux-fsdevel@vger.kernel.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Alexey Dobriyan <adobriyan@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Casey Schaufler <casey@schaufler-ca.com>,
LSM List <linux-security-module@vger.kernel.org>,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andy Lutomirski <luto@amacapital.net>
Subject: Re: [PATCH 3/5] exec: Remove recursion from search_binary_handler
Date: Wed, 13 May 2020 12:51:59 -0700 [thread overview]
Message-ID: <CAHk-=wjgYDMabsEDW_W3iU0jD8RhndQAMhR2HSMkMZ3rTCQbVg@mail.gmail.com> (raw)
In-Reply-To: <6f282d0a-b448-14e9-cd4f-92cce99cc36f@landley.net>
On Tue, May 12, 2020 at 7:32 PM Rob Landley <rob@landley.net> wrote:
>
> On 5/12/20 7:20 PM, Linus Torvalds wrote:
> > Ack. I think the AT_EXECFD thing is a sign that this isn't internal to
> > binfmt_misc, but it also shouldn't be gating this issue. In reality,
> > ELF is the only real binary format that matters - the script/misc
> > binfmts are just indirection entries - and it supports AT_EXECFD, so
> > let's just ignore the theoretical case of "maybe nobody exposes it".
>
> Would this potentially make the re-exec-yourself case easier to do at some
> point? (Which nommu needs to do, and /proc/self/exe isn't always available.)
AT_EXECFD may be an ELF thing, but normal ELF binaries don't do that
"we have a fd". So it only triggers for binfmt_misc (and only when the
flag is set for "I want the fd").
So no, this wouldn't help re-exec-yourself in general.
Although I guess we could add an ELF section note that does that whole
"executable fd" thing for other things too.
Everything is possible in theory..
Linus
next prev parent reply other threads:[~2020-05-13 19:52 UTC|newest]
Thread overview: 108+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87h7wujhmz.fsf@x220.int.ebiederm.org>
[not found] ` <87sgga6ze4.fsf@x220.int.ebiederm.org>
2020-05-09 19:40 ` [PATCH 0/5] exec: Control flow simplifications Eric W. Biederman
2020-05-09 19:40 ` [PATCH 1/5] exec: Call cap_bprm_set_creds directly from prepare_binprm Eric W. Biederman
2020-05-09 20:04 ` Linus Torvalds
2020-05-09 19:41 ` [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file Eric W. Biederman
2020-05-09 20:07 ` Linus Torvalds
2020-05-09 20:12 ` Eric W. Biederman
2020-05-09 20:19 ` Linus Torvalds
2020-05-11 3:15 ` Kees Cook
2020-05-11 16:52 ` Eric W. Biederman
2020-05-11 21:18 ` Kees Cook
2020-05-09 19:41 ` [PATCH 3/5] exec: Remove recursion from search_binary_handler Eric W. Biederman
2020-05-09 20:16 ` Linus Torvalds
2020-05-10 4:22 ` Tetsuo Handa
2020-05-10 19:38 ` Linus Torvalds
2020-05-11 14:33 ` Eric W. Biederman
2020-05-11 19:10 ` Rob Landley
2020-05-13 21:59 ` Eric W. Biederman
2020-05-14 18:46 ` Rob Landley
2020-05-11 21:55 ` Kees Cook
2020-05-12 18:42 ` Eric W. Biederman
2020-05-12 19:25 ` Kees Cook
2020-05-12 20:31 ` Eric W. Biederman
2020-05-12 23:08 ` Kees Cook
2020-05-12 23:47 ` Kees Cook
2020-05-12 23:51 ` Kees Cook
2020-05-14 14:56 ` Eric W. Biederman
2020-05-14 16:56 ` Casey Schaufler
2020-05-14 17:02 ` Eric W. Biederman
2020-05-13 0:20 ` Linus Torvalds
2020-05-13 2:39 ` Rob Landley
2020-05-13 19:51 ` Linus Torvalds [this message]
2020-05-14 16:49 ` Eric W. Biederman
2020-05-09 19:42 ` [PATCH 4/5] exec: Allow load_misc_binary to call prepare_binfmt unconditionally Eric W. Biederman
2020-05-11 22:09 ` Kees Cook
2020-05-09 19:42 ` [PATCH 5/5] exec: Move the call of prepare_binprm into search_binary_handler Eric W. Biederman
2020-05-11 22:24 ` Kees Cook
2020-05-19 0:29 ` [PATCH v2 0/8] exec: Control flow simplifications Eric W. Biederman
2020-05-19 0:29 ` [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids Eric W. Biederman
2020-05-19 18:03 ` Kees Cook
2020-05-19 18:28 ` Linus Torvalds
2020-05-19 18:57 ` Eric W. Biederman
2020-05-19 0:30 ` [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds Eric W. Biederman
2020-05-19 15:34 ` Casey Schaufler
2020-05-19 18:10 ` Kees Cook
2020-05-19 21:28 ` James Morris
2020-05-19 0:31 ` [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds Eric W. Biederman
2020-05-19 18:21 ` Kees Cook
2020-05-19 19:03 ` Eric W. Biederman
2020-05-19 19:14 ` Kees Cook
2020-05-20 20:22 ` Eric W. Biederman
2020-05-20 20:53 ` Kees Cook
2020-05-19 21:52 ` James Morris
2020-05-20 12:40 ` Eric W. Biederman
2020-05-19 0:31 ` [PATCH v2 4/8] exec: Allow load_misc_binary to call prepare_binfmt unconditionally Eric W. Biederman
2020-05-19 18:27 ` Kees Cook
2020-05-19 19:08 ` Eric W. Biederman
2020-05-19 19:17 ` Kees Cook
2020-05-19 0:32 ` [PATCH v2 5/8] exec: Move the call of prepare_binprm into search_binary_handler Eric W. Biederman
2020-05-19 18:27 ` Kees Cook
2020-05-19 21:30 ` James Morris
2020-05-19 0:33 ` [PATCH v2 6/8] exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC Eric W. Biederman
2020-05-19 19:08 ` Kees Cook
2020-05-19 19:19 ` Eric W. Biederman
2020-05-19 0:33 ` [PATCH v2 7/8] exec: Generic execfd support Eric W. Biederman
2020-05-19 19:46 ` Kees Cook
2020-05-19 19:54 ` Linus Torvalds
2020-05-19 20:20 ` Eric W. Biederman
2020-05-19 21:59 ` Rob Landley
2020-05-20 16:05 ` Eric W. Biederman
2020-05-21 22:50 ` Rob Landley
2020-05-22 3:28 ` Eric W. Biederman
2020-05-22 4:51 ` Rob Landley
2020-05-22 13:35 ` Eric W. Biederman
2020-05-19 0:34 ` [PATCH v2 8/8] exec: Remove recursion from search_binary_handler Eric W. Biederman
2020-05-19 20:37 ` Kees Cook
2020-05-19 1:25 ` [PATCH v2 0/8] exec: Control flow simplifications Linus Torvalds
2020-05-19 21:55 ` Kees Cook
2020-05-20 13:02 ` Eric W. Biederman
2020-05-20 22:12 ` Eric W. Biederman
2020-05-20 23:43 ` Kees Cook
2020-05-21 11:53 ` Eric W. Biederman
2020-05-28 15:38 ` [PATCH 0/11] exec: cred calculation simplifications Eric W. Biederman
2020-05-28 15:41 ` [PATCH 01/11] exec: Reduce bprm->per_clear to a single bit Eric W. Biederman
2020-05-28 19:04 ` Linus Torvalds
2020-05-28 19:17 ` Eric W. Biederman
2020-05-28 15:42 ` [PATCH 02/11] exec: Introduce active_per_clear the per file version of per_clear Eric W. Biederman
2020-05-28 19:05 ` Linus Torvalds
2020-05-28 15:42 ` [PATCH 03/11] exec: Compute file based creds only once Eric W. Biederman
2020-05-28 15:43 ` [PATCH 04/11] exec: Move uid/gid handling from creds_from_file into bprm_fill_uid Eric W. Biederman
2020-05-28 15:44 ` Eric W. Biederman
2020-05-28 15:44 ` [PATCH 05/11] exec: In bprm_fill_uid use CAP_SETGID to see if a gid change is safe Eric W. Biederman
2020-05-28 15:48 ` [PATCH 06/11] exec: Don't set secureexec when the uid or gid changes are abandoned Eric W. Biederman
2020-05-28 15:48 ` [PATCH 07/11] exec: Set saved, fs, and effective ids together in bprm_fill_uid Eric W. Biederman
2020-05-28 15:49 ` [PATCH 08/11] exec: In bprm_fill_uid remove unnecessary no new privs check Eric W. Biederman
2020-05-28 15:49 ` [PATCH 09/11] exec: In bprm_fill_uid only set per_clear when honoring suid or sgid Eric W. Biederman
2020-05-28 19:08 ` Linus Torvalds
2020-05-28 19:21 ` Eric W. Biederman
2020-05-28 15:50 ` [PATCH 10/11] exec: In bprm_fill_uid set secureexec at same time as per_clear Eric W. Biederman
2020-05-28 15:50 ` [PATCH 11/11] exec: Remove the label after_setid from bprm_fill_uid Eric W. Biederman
2020-05-29 16:45 ` [PATCH 0/2] exec: Remove the computation of bprm->cred Eric W. Biederman
2020-05-29 16:46 ` [PATCH 1/2] exec: Add a per bprm->file version of per_clear Eric W. Biederman
2020-05-29 21:06 ` Kees Cook
2020-05-30 3:23 ` Eric W. Biederman
2020-05-30 5:14 ` Kees Cook
2020-05-29 16:47 ` [PATCH 2/2] exec: Compute file based creds only once Eric W. Biederman
2020-05-29 21:24 ` Kees Cook
2020-05-30 3:28 ` Eric W. Biederman
2020-05-30 5:18 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wjgYDMabsEDW_W3iU0jD8RhndQAMhR2HSMkMZ3rTCQbVg@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=bernd.edlinger@hotmail.de \
--cc=casey@schaufler-ca.com \
--cc=ebiederm@xmission.com \
--cc=gerg@linux-m68k.org \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=penguin-kernel@i-love.sakura.ne.jp \
--cc=rob@landley.net \
--cc=serge@hallyn.com \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).