From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752205AbcHAJVB (ORCPT ); Mon, 1 Aug 2016 05:21:01 -0400 Received: from mail-lf0-f65.google.com ([209.85.215.65]:33982 "EHLO mail-lf0-f65.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751472AbcHAJUv (ORCPT ); Mon, 1 Aug 2016 05:20:51 -0400 Date: Mon, 1 Aug 2016 12:04:56 +0300 From: Cyrill Gorcunov To: "Eric W. Biederman" Cc: Stanislav Kinsburskiy , peterz@infradead.org, mingo@redhat.com, mhocko@suse.com, keescook@chromium.org, linux-kernel@vger.kernel.org, mguzik@redhat.com, bsegall@google.com, john.stultz@linaro.org, oleg@redhat.com, matthltc@us.ibm.com, akpm@linux-foundation.org, luto@amacapital.net, vbabka@suse.cz, xemul@virtuozzo.com Subject: Re: [PATCH] prctl: remove one-shot limitation for changing exe link Message-ID: <20160801090456.GA26394@uranus.lan> References: <20160712152940.24895.61315.stgit@localhost.localdomain> <8a863273-c571-63d6-c0c3-637dff5645a3@virtuozzo.com> <87y44pbmtc.fsf@x220.int.ebiederm.org> <20160725192242.GA26208@uranus> <87a8h58pac.fsf@x220.int.ebiederm.org> <20160726083445.GB26208@uranus> <87y44j6nib.fsf@x220.int.ebiederm.org> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <87y44j6nib.fsf@x220.int.ebiederm.org> User-Agent: Mutt/1.6.2 (2016-07-01) Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, Jul 30, 2016 at 12:31:40PM -0500, Eric W. Biederman wrote: ... > > It is necessary to look at the ordinary situation. Without > prctl_set_mm_exe /proc/[pid]/exe can be counted on as a record > of which executable was last passed to execve. True. > Furthermore the state of a process can be counted on to be a state > reachable from calling execve on /proc/[pid]/exe. Absolutely not. The state is valid until kernel jumped back to userspace and give control to an interpretator. > Which means to preserve those expectations prctl_set_mm_exe_file should > in practice just be a nicer less cumbersome interface to things you can > already achieve with execve. > > Justifying removale of the one-short nature for prctl_set_mm_exe_file > is as straight forward as noting that a process can call execve on > any executable file. > > However when I compare the invariants that execve has on a file (such as > the executable being mmaped) I see some noticable disparities between > what prctl_set_mm_exe_file allows and what execve allows. With > prctl_set_mm_exe being less strict. > > So what I am requesting is very simple. That the checks in > prctl_set_mm_exe_file be tightened up to more closely approach what > execve requires. Thus preserving the value of the /proc/[pid]/exe for > the applications that want to use the exe link. > > Once the checks in prctl_set_mm_exe_file are tightened up please feel > free to remove the one shot test. Thanks a huge for the detailed explanation, but i don't agree here because assuming that state of a process reachable from calling execve on /proc/[pid]/exe is not always true.