All of lore.kernel.org
 help / color / mirror / Atom feed
From: Cyrill Gorcunov <gorcunov@gmail.com>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>,
	peterz@infradead.org, mingo@redhat.com, mhocko@suse.com,
	keescook@chromium.org, linux-kernel@vger.kernel.org,
	mguzik@redhat.com, bsegall@google.com, john.stultz@linaro.org,
	oleg@redhat.com, matthltc@us.ibm.com, akpm@linux-foundation.org,
	luto@amacapital.net, vbabka@suse.cz, xemul@virtuozzo.com
Subject: Re: [PATCH] prctl: remove one-shot limitation for changing exe link
Date: Mon, 1 Aug 2016 12:04:56 +0300	[thread overview]
Message-ID: <20160801090456.GA26394@uranus.lan> (raw)
In-Reply-To: <87y44j6nib.fsf@x220.int.ebiederm.org>

On Sat, Jul 30, 2016 at 12:31:40PM -0500, Eric W. Biederman wrote:
...
> 
> It is necessary to look at the ordinary situation.  Without
> prctl_set_mm_exe /proc/[pid]/exe can be counted on as a record
> of which executable was last passed to execve.

True.

> Furthermore the state of a process can be counted on to be a state
> reachable from calling execve on /proc/[pid]/exe.

Absolutely not. The state is valid until kernel jumped back to userspace
and give control to an interpretator.

> Which means to preserve those expectations prctl_set_mm_exe_file should
> in practice just be a nicer less cumbersome interface to things you can
> already achieve with execve.
> 
> Justifying removale of the one-short nature for prctl_set_mm_exe_file
> is as straight forward as noting that a process can call execve on
> any executable file.
> 
> However when I compare the invariants that execve has on a file (such as
> the executable being mmaped) I see some noticable disparities between
> what prctl_set_mm_exe_file allows and what execve allows.  With
> prctl_set_mm_exe being less strict.
> 
> So what I am requesting is very simple.  That the checks in
> prctl_set_mm_exe_file be tightened up to more closely approach what
> execve requires.  Thus preserving the value of the /proc/[pid]/exe for
> the applications that want to use the exe link.
> 
> Once the checks in prctl_set_mm_exe_file are tightened up please feel
> free to remove the one shot test.

Thanks a huge for the detailed explanation, but i don't agree here because
assuming that state of a process reachable from calling execve on
/proc/[pid]/exe is not always true.

  parent reply	other threads:[~2016-08-01  9:21 UTC|newest]

Thread overview: 27+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-07-12 15:30 [PATCH] prctl: remove one-shot limitation for changing exe link Stanislav Kinsburskiy
2016-07-12 16:42 ` Oleg Nesterov
2016-07-12 16:52   ` Stanislav Kinsburskiy
2016-07-12 17:01     ` Oleg Nesterov
2016-07-12 16:48 ` Cyrill Gorcunov
2016-07-12 16:52   ` Eric W. Biederman
2016-07-12 17:29     ` Cyrill Gorcunov
2016-07-12 21:42       ` Cyrill Gorcunov
2016-07-13 10:47     ` Stanislav Kinsburskiy
2016-07-18 20:11     ` One Thousand Gnomes
2016-07-20 11:30       ` Stanislav Kinsburskiy
     [not found] ` <8a863273-c571-63d6-c0c3-637dff5645a3@virtuozzo.com>
2016-07-25 18:21   ` Eric W. Biederman
2016-07-25 19:22     ` Cyrill Gorcunov
2016-07-25 19:56       ` Eric W. Biederman
2016-07-26  8:34         ` Cyrill Gorcunov
2016-07-30 17:31           ` Eric W. Biederman
2016-07-30 20:28             ` Mateusz Guzik
2016-07-31 18:45               ` Eric W. Biederman
2016-07-31 18:45               ` Eric W. Biederman
2016-08-22 15:40                 ` Richard Guy Briggs
2016-07-31 22:43             ` Cyrill Gorcunov
2016-07-31 22:49               ` Andy Lutomirski
2016-08-01  9:04             ` Cyrill Gorcunov [this message]
2016-08-10 10:48             ` Stanislav Kinsburskiy
2016-07-26 10:21     ` Stanislav Kinsburskiy
2016-07-12 15:42 Stanislav Kinsburskiy
     [not found] <1d254efe-5410-40c4-af4b-9e898682d0b3@email.android.com>
2016-07-13 10:15 ` Oleg Nesterov

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20160801090456.GA26394@uranus.lan \
    --to=gorcunov@gmail.com \
    --cc=akpm@linux-foundation.org \
    --cc=bsegall@google.com \
    --cc=ebiederm@xmission.com \
    --cc=john.stultz@linaro.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=matthltc@us.ibm.com \
    --cc=mguzik@redhat.com \
    --cc=mhocko@suse.com \
    --cc=mingo@redhat.com \
    --cc=oleg@redhat.com \
    --cc=peterz@infradead.org \
    --cc=skinsbursky@virtuozzo.com \
    --cc=vbabka@suse.cz \
    --cc=xemul@virtuozzo.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.