From: Cyrill Gorcunov <gorcunov@openvz.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
richard -rw- weinberger <richard.weinberger@gmail.com>,
LKML <linux-kernel@vger.kernel.org>,
Oleg Nesterov <oleg@redhat.com>,
KOSAKI Motohiro <kosaki.motohiro@jp.fujitsu.com>,
Pavel Emelyanov <xemul@parallels.com>,
Kees Cook <keescook@chromium.org>, Tejun Heo <tj@kernel.org>,
Matt Helsley <matthltc@us.ibm.com>
Subject: Re: [patch 1/2] c/r: prctl: Add ability to set new mm_struct::exe_file
Date: Fri, 23 Mar 2012 10:41:36 +0400 [thread overview]
Message-ID: <20120323064136.GA6766@moon> (raw)
In-Reply-To: <m14ntgxl30.fsf@fess.ebiederm.org>
On Thu, Mar 22, 2012 at 04:38:43PM -0700, Eric W. Biederman wrote:
> >
> > Andrew, take a look please, will the changelog and comments look
> > better?
>
> Can you change this to take an actual address and get the exe_file
> from an mmapped area and make certain that the mmaped_area is already
> mapped MAP_EXEC.
>
> That will prevent out-right lies.
>
> At least then we will know that exe_file will at least be a file that is
> mapped executable in the process's address space. It's not a lot better
> but it makes /proc/<pid>/exe at almost as trustable as it is now.
This won't work for all cases. When we restore a program we map new
VM_EXEC areas _without_ vma::vm_file field.
Cyrill
next prev parent reply other threads:[~2012-03-23 6:41 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-03-16 20:55 [patch 0/2] [PATCH 0/2] prctl extension in a sake of c/r Cyrill Gorcunov
2012-03-16 20:55 ` [patch 1/2] c/r: prctl: Add ability to set new mm_struct::exe_file Cyrill Gorcunov
2012-03-19 22:15 ` Andrew Morton
2012-03-19 22:39 ` Cyrill Gorcunov
2012-03-19 22:41 ` richard -rw- weinberger
2012-03-19 22:46 ` Andrew Morton
2012-03-19 22:50 ` Cyrill Gorcunov
2012-03-19 22:59 ` Andrew Morton
2012-03-19 23:12 ` Cyrill Gorcunov
2012-03-19 23:02 ` richard -rw- weinberger
2012-03-19 23:17 ` Cyrill Gorcunov
2012-03-19 23:23 ` richard -rw- weinberger
2012-03-20 6:55 ` Cyrill Gorcunov
2012-03-22 23:38 ` Eric W. Biederman
2012-03-23 6:41 ` Cyrill Gorcunov [this message]
2012-03-23 6:47 ` Cyrill Gorcunov
2012-03-23 17:06 ` Matt Helsley
2012-03-19 22:47 ` Cyrill Gorcunov
2012-03-16 20:55 ` [patch 2/2] c/r: prctl: Add ability to get clear_tid_address Cyrill Gorcunov
2012-03-19 16:51 ` Kees Cook
2012-03-19 16:55 ` Cyrill Gorcunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20120323064136.GA6766@moon \
--to=gorcunov@openvz.org \
--cc=akpm@linux-foundation.org \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=kosaki.motohiro@jp.fujitsu.com \
--cc=linux-kernel@vger.kernel.org \
--cc=matthltc@us.ibm.com \
--cc=oleg@redhat.com \
--cc=richard.weinberger@gmail.com \
--cc=tj@kernel.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.