From: Al Viro <viro@ZenIV.linux.org.uk>
To: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>,
Matt Helsley <matthltc@us.ibm.com>,
xemul@parallels.com, containers@lists.linux-foundation.org,
linux-kernel@vger.kernel.org, dave@linux.vnet.ibm.com,
mingo@elte.hu, torvalds@linux-foundation.org,
linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH 1/9] exec_path 1/9: introduce ->exec_path and switch /proc/*/exe
Date: Sat, 6 Jun 2009 08:22:44 +0100 [thread overview]
Message-ID: <20090606072244.GA13497@ZenIV.linux.org.uk> (raw)
In-Reply-To: <20090603230422.GB853@x200.localdomain>
On Thu, Jun 04, 2009 at 03:04:22AM +0400, Alexey Dobriyan wrote:
> diff --git a/fs/binfmt_som.c b/fs/binfmt_som.c
> index eff74b9..6c56262 100644
> --- a/fs/binfmt_som.c
> +++ b/fs/binfmt_som.c
> @@ -174,6 +174,7 @@ static int map_som_binary(struct file *file,
> up_write(¤t->mm->mmap_sem);
> if (retval > 0 || retval < -1024)
> retval = 0;
> + set_task_exec_path(current, &bprm->file->f_path);
Oh? Even on failure exits?
> + if (!path->mnt || !path->dentry)
> + return -ENOENT;
Umm... I really don't like that. Note that path with NULL vfsmount
and non-NULL dentry should never happen. If anything, we ought
to add path_empty(path) (!(path)->mnt) and convert such places to it.
> +static inline void set_task_exec_path(struct task_struct *tsk, struct path *path)
> +{
> + struct path old_path;
> +
> + path_get(path);
> + task_lock(tsk);
> + old_path = tsk->exec_path;
> + tsk->exec_path = *path;
> + task_unlock(tsk);
> + path_put(&old_path);
> +}
Do we ever have a right to do that to anything other than current? Note
that fork() is a special case anyway...
> + set_task_exec_path(tsk, &(struct path){ .mnt = NULL, .dentry = NULL });
Ew...
> + get_task_exec_path(current, &p->exec_path);
> +
We already have that value sitting there, so why not get_path(&p->exec_path)?
The real problem I have with that we *really* can't umount the filesystem
that used to host the binary anymore. At all.
Frankly, I'm almost tempted to add explicit way to switch the damn thing
via /proc/self/something - e.g. allow a binary to write a pathname to
/proc/self/set_exec and have that switch the sucker. The interesting
part, of course, is figuring out the security implications of that...
next prev parent reply other threads:[~2009-06-06 7:23 UTC|newest]
Thread overview: 67+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-05-26 11:36 [PATCH 14/38] Remove struct mm_struct::exe_file et al Matt Helsley
2009-05-26 23:24 ` Andrew Morton
[not found] ` <20090526162415.fb9cefef.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-05-31 21:54 ` Alexey Dobriyan
2009-05-31 21:54 ` Alexey Dobriyan
[not found] ` <20090531215427.GA29534-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-05-31 22:19 ` Andrew Morton
2009-05-31 22:19 ` Andrew Morton
[not found] ` <20090531151953.8f8b14b5.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-05-31 23:15 ` Linus Torvalds
2009-05-31 23:15 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0905311613260.3435-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-05-31 23:50 ` Andrew Morton
2009-05-31 23:50 ` Andrew Morton
[not found] ` <20090531165026.376a914c.akpm-de/tnXTf+JLsfHDXvbKv3WD2FQJk+8+b@public.gmane.org>
2009-06-01 0:02 ` Linus Torvalds
2009-06-01 0:02 ` Linus Torvalds
2009-06-03 23:04 ` [PATCH 1/9] exec_path 1/9: introduce ->exec_path and switch /proc/*/exe Alexey Dobriyan
2009-06-03 23:04 ` Alexey Dobriyan
2009-06-03 23:05 ` [PATCH 2/9] exec_path 2/9: switch audit to ->exec_path Alexey Dobriyan
2009-06-03 23:06 ` [PATCH 5/9] exec_path 5/9: make struct spu_context::owner task_struct Alexey Dobriyan
2009-06-03 23:07 ` [PATCH 7/9] exec_path 7/9: switch cell SPU thing to ->exec_path Alexey Dobriyan
2009-06-03 23:07 ` [PATCH 8/9] exec_path 8/9: remove ->exe_file et al Alexey Dobriyan
2009-06-03 23:08 ` [PATCH 9/9] exec_path 9/9: remove VM_EXECUTABLE Alexey Dobriyan
2009-06-04 7:24 ` Matt Helsley
[not found] ` <20090603230810.GJ853-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-06-04 7:24 ` Matt Helsley
[not found] ` <20090603230422.GB853-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-06-03 23:05 ` [PATCH 2/9] exec_path 2/9: switch audit to ->exec_path Alexey Dobriyan
2009-06-03 23:05 ` [PATCH 3/9] exec_path 3/9: switch TOMOYO " Alexey Dobriyan
2009-06-03 23:05 ` Alexey Dobriyan
2009-06-03 23:06 ` [PATCH 4/9] exec_path 4/9: switch oprofile " Alexey Dobriyan
2009-06-03 23:06 ` Alexey Dobriyan
2009-06-03 23:06 ` [PATCH 5/9] exec_path 5/9: make struct spu_context::owner task_struct Alexey Dobriyan
2009-06-03 23:06 ` [PATCH 6/9] exec_path 6/9: add struct spu::tsk Alexey Dobriyan
2009-06-03 23:06 ` Alexey Dobriyan
2009-06-03 23:07 ` [PATCH 7/9] exec_path 7/9: switch cell SPU thing to ->exec_path Alexey Dobriyan
2009-06-03 23:07 ` [PATCH 8/9] exec_path 8/9: remove ->exe_file et al Alexey Dobriyan
2009-06-03 23:08 ` [PATCH 9/9] exec_path 9/9: remove VM_EXECUTABLE Alexey Dobriyan
2009-06-03 23:36 ` [PATCH 1/9] exec_path 1/9: introduce ->exec_path and switch /proc/*/exe Linus Torvalds
2009-06-04 7:55 ` Matt Helsley
2009-06-05 10:45 ` Christoph Hellwig
2009-06-06 7:22 ` Al Viro
2009-06-03 23:36 ` Linus Torvalds
2009-06-04 7:55 ` Matt Helsley
[not found] ` <20090604075532.GU9285-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-06-04 8:10 ` Matt Helsley
2009-06-04 15:07 ` Linus Torvalds
2009-06-04 8:10 ` Matt Helsley
2009-06-04 15:07 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0906040803410.4880-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-06-04 21:30 ` Matt Helsley
2009-06-04 21:30 ` Matt Helsley
2009-06-04 22:42 ` Alexey Dobriyan
2009-06-05 3:49 ` Matt Helsley
[not found] ` <20090604224239.GA10666-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-06-05 3:49 ` Matt Helsley
[not found] ` <20090604213033.GZ9285-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-06-04 22:42 ` Alexey Dobriyan
2009-06-05 10:45 ` Christoph Hellwig
[not found] ` <20090605104517.GA11713-wEGCiKHe2LqWVfeAwA7xHQ@public.gmane.org>
2009-06-05 15:10 ` Linus Torvalds
2009-06-05 15:10 ` Linus Torvalds
2009-06-05 15:41 ` Alexey Dobriyan
[not found] ` <20090605154147.GA16766-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-06-05 15:49 ` Linus Torvalds
2009-06-05 15:49 ` Linus Torvalds
2009-06-05 16:09 ` Alexey Dobriyan
[not found] ` <20090605160943.GA5262-2ev+ksY9ol182hYKe6nXyg@public.gmane.org>
2009-06-05 16:48 ` Linus Torvalds
2009-06-05 16:48 ` Linus Torvalds
[not found] ` <alpine.LFD.2.01.0906050942450.6847-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-06-05 17:46 ` Alexey Dobriyan
2009-06-05 17:46 ` Alexey Dobriyan
[not found] ` <alpine.LFD.2.01.0906050848520.6847-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-06-05 16:09 ` Alexey Dobriyan
[not found] ` <alpine.LFD.2.01.0906050808551.6847-bi+AKbBUZKY6gyzm1THtWbp2dZbC/Bob@public.gmane.org>
2009-06-05 15:41 ` Alexey Dobriyan
2009-06-06 7:22 ` Al Viro [this message]
[not found] ` <20090606072244.GA13497-3bDd1+5oDREiFSDQTTA3OLVCufUGDwFn@public.gmane.org>
2009-06-15 22:10 ` Alexey Dobriyan
2009-06-15 22:10 ` Alexey Dobriyan
2009-06-01 17:30 ` [PATCH 14/38] Remove struct mm_struct::exe_file et al Matt Helsley
2009-06-01 17:30 ` Matt Helsley
[not found] ` <20090526113618.GJ28083-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-05-26 23:24 ` Andrew Morton
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090606072244.GA13497@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=containers@lists.linux-foundation.org \
--cc=dave@linux.vnet.ibm.com \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=matthltc@us.ibm.com \
--cc=mingo@elte.hu \
--cc=torvalds@linux-foundation.org \
--cc=xemul@parallels.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.