From: ebiederm@xmission.com (Eric W. Biederman)
To: <linux-kernel@vger.kernel.org>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Oleg Nesterov <oleg@redhat.com>, Jann Horn <jannh@google.com>,
Kees Cook <keescook@chromium.org>,
Greg Ungerer <gerg@linux-m68k.org>, Rob Landley <rob@landley.net>,
Bernd Edlinger <bernd.edlinger@hotmail.de>,
<linux-fsdevel@vger.kernel.org>,
Al Viro <viro@ZenIV.linux.org.uk>,
Alexey Dobriyan <adobriyan@gmail.com>,
Andrew Morton <akpm@linux-foundation.org>,
Casey Schaufler <casey@schaufler-ca.com>,
linux-security-module@vger.kernel.org,
James Morris <jmorris@namei.org>,
"Serge E. Hallyn" <serge@hallyn.com>,
Andy Lutomirski <luto@amacapital.net>
Subject: Re: [PATCH v2 0/8] exec: Control flow simplifications
Date: Wed, 20 May 2020 17:12:10 -0500 [thread overview]
Message-ID: <87d06ygssl.fsf@x220.int.ebiederm.org> (raw)
In-Reply-To: <877dx822er.fsf_-_@x220.int.ebiederm.org> (Eric W. Biederman's message of "Mon, 18 May 2020 19:29:00 -0500")
I have pushed this out to:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git exec-next
I have collected up the acks and reviewed-by's, and fixed a couple of
typos but that is it.
If we need comment fixes or additional cleanups we can apply that on top
of this series. This way the code can sit in linux-next until the
merge window opens.
Before I pushed this out I also tested this with Kees new test of
binfmt_misc and did not find any problems.
Eric
The git range-diff of the changes I applied before pushing this out:
1: f6bb0d6563ca ! 1: 87b047d2be41 exec: Teach prepare_exec_creds how exec treats uids & gids
@@ Commit message
update bprm->cred are just need to handle special cases such
as setuid exec and change of domains.
+ Link: https://lkml.kernel.org/r/871rng22dm.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## kernel/cred.c ##
2: d3b3594be22f ! 2: b8bff599261c exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds
@@ Commit message
Add or upate comments a appropriate to bring them up to date and
to reflect this change.
+ Link: https://lkml.kernel.org/r/87v9kszrzh.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Acked-by: Casey Schaufler <casey@schaufler-ca.com> # For the LSM and Smack bits
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## fs/exec.c ##
3: 65c651a77967 ! 3: d9d67b76eed6 exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds
@@ Commit message
In short two renames and a move in the location of initializing
bprm->active_secureexec.
+ Link: https://lkml.kernel.org/r/87o8qkzrxp.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## fs/exec.c ##
4: 6d0d5da2b45e ! 4: dbf17e846ea9 exec: Allow load_misc_binary to call prepare_binfmt unconditionally
@@ Metadata
Author: Eric W. Biederman <ebiederm@xmission.com>
## Commit message ##
- exec: Allow load_misc_binary to call prepare_binfmt unconditionally
+ exec: Allow load_misc_binary to call prepare_binprm unconditionally
Add a flag preserve_creds that binfmt_misc can set to prevent
credentials from being updated. This allows binfmt_misc to always
- call prepare_binfmt. Allowing the credential computation logic to be
+ call prepare_binprm. Allowing the credential computation logic to be
consolidated.
Not replacing the credentials with the interpreters credentials is
@@ Commit message
exec sees.
Ref: c407c033de84 ("[PATCH] binfmt_misc: improve calculation of interpreter's credentials")
+ Link: https://lkml.kernel.org/r/87imgszrwo.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## fs/binfmt_misc.c ##
5: af7db65c2483 ! 5: 8a8f3bb8ec41 exec: Move the call of prepare_binprm into search_binary_handler
@@ Commit message
search_binary_handler is called so move the call into search_binary_handler
itself to make the code simpler and easier to understand.
+ Link: https://lkml.kernel.org/r/87d070zrvx.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
+ Reviewed-by: James Morris <jamorris@linux.microsoft.com>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## arch/alpha/kernel/binfmt_loader.c ##
6: 69fccdf33a87 ! 6: 01dbc34d75bf exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC
@@ Commit message
has been take that the logic of the parsing code (short of replacing
characters by '\0') remains the same.
+ Link: https://lkml.kernel.org/r/874ksczru6.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## fs/binfmt_script.c ##
7: 30fe957c6dce ! 7: 6962a6b4de92 exec: Generic execfd support
@@ Commit message
In binfmt_misc the movement of fd_install into generic code means
that it's special error exit path is no longer needed.
+ Link: https://lkml.kernel.org/r/87y2poyd91.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## fs/binfmt_elf.c ##
@@ fs/exec.c: int begin_new_exec(struct linux_binprm * bprm)
*/
set_mm_exe_file(bprm->mm, bprm->file);
-+ /* If the binary is not readable than enforce mm->dumpable=0 */
++ /* If the binary is not readable then enforce mm->dumpable=0 */
would_dump(bprm, bprm->file);
+ if (bprm->have_execfd)
+ would_dump(bprm, bprm->executable);
8: f0a27d0fde69 ! 8: 226ce5863881 exec: Remove recursion from search_binary_handler
@@ Commit message
reassignments of bprm->file moved to exec_binprm bprm->file can never
be NULL in search_binary_handler.
+ Link: https://lkml.kernel.org/r/87sgfwyd84.fsf_-_@x220.int.ebiederm.org
+ Acked-by: Linus Torvalds <torvalds@linux-foundation.org>
+ Reviewed-by: Kees Cook <keescook@chromium.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
## arch/alpha/kernel/binfmt_loader.c ##
next prev parent reply other threads:[~2020-05-20 22:16 UTC|newest]
Thread overview: 149+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-05-05 19:39 exec: Promised cleanups after introducing exec_update_mutex Eric W. Biederman
2020-05-05 19:41 ` [PATCH 1/7] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf Eric W. Biederman
2020-05-05 20:45 ` Kees Cook
2020-05-06 12:42 ` Greg Ungerer
2020-05-06 12:56 ` Eric W. Biederman
2020-05-05 19:41 ` [PATCH 2/7] exec: Make unlocking exec_update_mutex explict Eric W. Biederman
2020-05-05 20:46 ` Kees Cook
2020-05-05 19:42 ` [PATCH 3/7] exec: Rename the flag called_exec_mmap point_of_no_return Eric W. Biederman
2020-05-05 20:49 ` Kees Cook
2020-05-05 19:43 ` [PATCH 4/7] exec: Merge install_exec_creds into setup_new_exec Eric W. Biederman
2020-05-05 20:50 ` Kees Cook
2020-05-05 19:44 ` [PATCH 5/7] exec: In setup_new_exec cache current in the local variable me Eric W. Biederman
2020-05-05 20:51 ` Kees Cook
2020-05-05 19:45 ` [PATCH 6/7] exec: Move most of setup_new_exec into flush_old_exec Eric W. Biederman
2020-05-05 21:29 ` Kees Cook
2020-05-06 14:57 ` Eric W. Biederman
2020-05-06 15:30 ` Kees Cook
2020-05-07 19:51 ` Eric W. Biederman
2020-05-07 21:51 ` Eric W. Biederman
2020-05-08 5:50 ` Kees Cook
2020-05-05 19:46 ` [PATCH 7/7] exec: Rename flush_old_exec begin_new_exec Eric W. Biederman
2020-05-05 21:30 ` Kees Cook
2020-05-06 12:41 ` exec: Promised cleanups after introducing exec_update_mutex Greg Ungerer
2020-05-08 18:43 ` [PATCH 0/6] exec: Trivial cleanups for exec Eric W. Biederman
2020-05-08 18:44 ` [PATCH 1/6] exec: Move the comment from above de_thread to above unshare_sighand Eric W. Biederman
2020-05-09 5:02 ` Kees Cook
2020-05-08 18:44 ` [PATCH 2/6] exec: Fix spelling of search_binary_handler in a comment Eric W. Biederman
2020-05-09 5:03 ` Kees Cook
2020-05-08 18:45 ` [PATCH 3/6] exec: Stop open coding mutex_lock_killable of cred_guard_mutex Eric W. Biederman
2020-05-09 5:08 ` Kees Cook
2020-05-09 19:18 ` Linus Torvalds
2020-05-09 19:57 ` Eric W. Biederman
2020-05-10 20:33 ` Kees Cook
2020-05-08 18:45 ` [PATCH 4/6] exec: Run sync_mm_rss before taking exec_update_mutex Eric W. Biederman
2020-05-09 5:15 ` Kees Cook
2020-05-09 14:17 ` Eric W. Biederman
2020-05-08 18:47 ` [PATCH 5/6] exec: Move handling of the point of no return to the top level Eric W. Biederman
2020-05-09 5:31 ` Kees Cook
2020-05-09 13:39 ` Eric W. Biederman
2020-05-08 18:48 ` [PATCH 6/6] exec: Set the point of no return sooner Eric W. Biederman
2020-05-09 5:33 ` Kees Cook
2020-05-09 19:40 ` [PATCH 0/5] exec: Control flow simplifications Eric W. Biederman
2020-05-09 19:40 ` [PATCH 1/5] exec: Call cap_bprm_set_creds directly from prepare_binprm Eric W. Biederman
2020-05-09 20:04 ` Linus Torvalds
2020-05-09 19:41 ` [PATCH 2/5] exec: Directly call security_bprm_set_creds from __do_execve_file Eric W. Biederman
2020-05-09 20:07 ` Linus Torvalds
2020-05-09 20:12 ` Eric W. Biederman
2020-05-09 20:19 ` Linus Torvalds
2020-05-11 3:15 ` Kees Cook
2020-05-11 16:52 ` Eric W. Biederman
2020-05-11 21:18 ` Kees Cook
2020-05-09 19:41 ` [PATCH 3/5] exec: Remove recursion from search_binary_handler Eric W. Biederman
2020-05-09 20:16 ` Linus Torvalds
2020-05-10 4:22 ` Tetsuo Handa
2020-05-10 19:38 ` Linus Torvalds
2020-05-11 14:33 ` Eric W. Biederman
2020-05-11 19:10 ` Rob Landley
2020-05-13 21:59 ` Eric W. Biederman
2020-05-14 18:46 ` Rob Landley
2020-05-11 21:55 ` Kees Cook
2020-05-12 18:42 ` Eric W. Biederman
2020-05-12 19:25 ` Kees Cook
2020-05-12 20:31 ` Eric W. Biederman
2020-05-12 23:08 ` Kees Cook
2020-05-12 23:47 ` Kees Cook
2020-05-12 23:51 ` Kees Cook
2020-05-14 14:56 ` Eric W. Biederman
2020-05-14 16:56 ` Casey Schaufler
2020-05-14 17:02 ` Eric W. Biederman
2020-05-13 0:20 ` Linus Torvalds
2020-05-13 2:39 ` Rob Landley
2020-05-13 19:51 ` Linus Torvalds
2020-05-14 16:49 ` Eric W. Biederman
2020-05-09 19:42 ` [PATCH 4/5] exec: Allow load_misc_binary to call prepare_binfmt unconditionally Eric W. Biederman
2020-05-11 22:09 ` Kees Cook
2020-05-09 19:42 ` [PATCH 5/5] exec: Move the call of prepare_binprm into search_binary_handler Eric W. Biederman
2020-05-11 22:24 ` Kees Cook
2020-05-19 0:29 ` [PATCH v2 0/8] exec: Control flow simplifications Eric W. Biederman
2020-05-19 0:29 ` [PATCH v2 1/8] exec: Teach prepare_exec_creds how exec treats uids & gids Eric W. Biederman
2020-05-19 18:03 ` Kees Cook
2020-05-19 18:28 ` Linus Torvalds
2020-05-19 18:57 ` Eric W. Biederman
2020-05-19 0:30 ` [PATCH v2 2/8] exec: Factor security_bprm_creds_for_exec out of security_bprm_set_creds Eric W. Biederman
2020-05-19 15:34 ` Casey Schaufler
2020-05-19 18:10 ` Kees Cook
2020-05-19 21:28 ` James Morris
2020-05-19 0:31 ` [PATCH v2 3/8] exec: Convert security_bprm_set_creds into security_bprm_repopulate_creds Eric W. Biederman
2020-05-19 18:21 ` Kees Cook
2020-05-19 19:03 ` Eric W. Biederman
2020-05-19 19:14 ` Kees Cook
2020-05-20 20:22 ` Eric W. Biederman
2020-05-20 20:53 ` Kees Cook
2020-05-19 21:52 ` James Morris
2020-05-20 12:40 ` Eric W. Biederman
2020-05-19 0:31 ` [PATCH v2 4/8] exec: Allow load_misc_binary to call prepare_binfmt unconditionally Eric W. Biederman
2020-05-19 18:27 ` Kees Cook
2020-05-19 19:08 ` Eric W. Biederman
2020-05-19 19:17 ` Kees Cook
2020-05-19 0:32 ` [PATCH v2 5/8] exec: Move the call of prepare_binprm into search_binary_handler Eric W. Biederman
2020-05-19 18:27 ` Kees Cook
2020-05-19 21:30 ` James Morris
2020-05-19 0:33 ` [PATCH v2 6/8] exec/binfmt_script: Don't modify bprm->buf and then return -ENOEXEC Eric W. Biederman
2020-05-19 19:08 ` Kees Cook
2020-05-19 19:19 ` Eric W. Biederman
2020-05-19 0:33 ` [PATCH v2 7/8] exec: Generic execfd support Eric W. Biederman
2020-05-19 19:46 ` Kees Cook
2020-05-19 19:54 ` Linus Torvalds
2020-05-19 20:20 ` Eric W. Biederman
2020-05-19 21:59 ` Rob Landley
2020-05-20 16:05 ` Eric W. Biederman
2020-05-21 22:50 ` Rob Landley
2020-05-22 3:28 ` Eric W. Biederman
2020-05-22 4:51 ` Rob Landley
2020-05-22 13:35 ` Eric W. Biederman
2020-05-19 0:34 ` [PATCH v2 8/8] exec: Remove recursion from search_binary_handler Eric W. Biederman
2020-05-19 20:37 ` Kees Cook
2020-05-19 1:25 ` [PATCH v2 0/8] exec: Control flow simplifications Linus Torvalds
2020-05-19 21:55 ` Kees Cook
2020-05-20 13:02 ` Eric W. Biederman
2020-05-20 22:12 ` Eric W. Biederman [this message]
2020-05-20 23:43 ` Kees Cook
2020-05-21 11:53 ` Eric W. Biederman
2020-05-28 15:38 ` [PATCH 0/11] exec: cred calculation simplifications Eric W. Biederman
2020-05-28 15:41 ` [PATCH 01/11] exec: Reduce bprm->per_clear to a single bit Eric W. Biederman
2020-05-28 19:04 ` Linus Torvalds
2020-05-28 19:17 ` Eric W. Biederman
2020-05-28 15:42 ` [PATCH 02/11] exec: Introduce active_per_clear the per file version of per_clear Eric W. Biederman
2020-05-28 19:05 ` Linus Torvalds
2020-05-28 15:42 ` [PATCH 03/11] exec: Compute file based creds only once Eric W. Biederman
2020-05-28 15:43 ` [PATCH 04/11] exec: Move uid/gid handling from creds_from_file into bprm_fill_uid Eric W. Biederman
2020-05-28 15:44 ` Eric W. Biederman
2020-05-28 15:44 ` [PATCH 05/11] exec: In bprm_fill_uid use CAP_SETGID to see if a gid change is safe Eric W. Biederman
2020-05-28 15:48 ` [PATCH 06/11] exec: Don't set secureexec when the uid or gid changes are abandoned Eric W. Biederman
2020-05-28 15:48 ` [PATCH 07/11] exec: Set saved, fs, and effective ids together in bprm_fill_uid Eric W. Biederman
2020-05-28 15:49 ` [PATCH 08/11] exec: In bprm_fill_uid remove unnecessary no new privs check Eric W. Biederman
2020-05-28 15:49 ` [PATCH 09/11] exec: In bprm_fill_uid only set per_clear when honoring suid or sgid Eric W. Biederman
2020-05-28 19:08 ` Linus Torvalds
2020-05-28 19:21 ` Eric W. Biederman
2020-05-28 15:50 ` [PATCH 10/11] exec: In bprm_fill_uid set secureexec at same time as per_clear Eric W. Biederman
2020-05-28 15:50 ` [PATCH 11/11] exec: Remove the label after_setid from bprm_fill_uid Eric W. Biederman
2020-05-29 16:45 ` [PATCH 0/2] exec: Remove the computation of bprm->cred Eric W. Biederman
2020-05-29 16:46 ` [PATCH 1/2] exec: Add a per bprm->file version of per_clear Eric W. Biederman
2020-05-29 21:06 ` Kees Cook
2020-05-30 3:23 ` Eric W. Biederman
2020-05-30 5:14 ` Kees Cook
2020-05-29 16:47 ` [PATCH 2/2] exec: Compute file based creds only once Eric W. Biederman
2020-05-29 21:24 ` Kees Cook
2020-05-30 3:28 ` Eric W. Biederman
2020-05-30 5:18 ` Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=87d06ygssl.fsf@x220.int.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=bernd.edlinger@hotmail.de \
--cc=casey@schaufler-ca.com \
--cc=gerg@linux-m68k.org \
--cc=jannh@google.com \
--cc=jmorris@namei.org \
--cc=keescook@chromium.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=luto@amacapital.net \
--cc=oleg@redhat.com \
--cc=rob@landley.net \
--cc=serge@hallyn.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@ZenIV.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).