From: Al Viro <viro@ZenIV.linux.org.uk>
To: Denys Vlasenko <vda.linux@googlemail.com>
Cc: Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Andrew Morton <akpm@linux-foundation.org>,
Mike Frysinger <vapier@gentoo.org>
Subject: Re: [PATCH] allow execve'ing "/proc/self/exe" even if /proc is not mounted
Date: Thu, 25 Jun 2009 00:58:56 +0100 [thread overview]
Message-ID: <20090624235856.GZ8633@ZenIV.linux.org.uk> (raw)
In-Reply-To: <1158166a0906241600w5f7f4ffcm49d9c849f0c27f72@mail.gmail.com>
On Thu, Jun 25, 2009 at 01:00:56AM +0200, Denys Vlasenko wrote:
> More elegant way is to execute /proc/self/exe.
> This works just fine as long as /proc is mounted.
So mount it.
> But it breaks if /proc isn't mounted, and this can happen in real-world
> usage. For example, when shell invoked very early in initrd/initramfs.
So mount it.
> With this patch, it is possible to execute /proc/self/exe
> even if /proc is not mounted.
> How patch does it: when execve syscall discovers that opening of binary
> image fails, a small bit of code is added to special case "/proc/self/exe"
> string. If binary name is *exactly* that string, and if error is ENOENT
> or EACCES, then exec will still succeed, using current binary's image.
>
> Please apply.
No. This is just plain sick. Magical pathnames have no business being
in the kernel. If procfs is too much for your sensitive soul, do an
extremely trimmed-down version that would consist of *one* *file* (yes,
as root and only node on fs). Said file being a procfs-style symlink,
doing exactly what /proc/self/exec would do.
On such system you can just mkdir /proc/self, touch /proc/self/exec,
mount -t self_exec none /proc/self/exec and be done with that. No
magic needed, end of the story.
next prev parent reply other threads:[~2009-06-24 23:59 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-06-24 23:00 [PATCH] allow execve'ing "/proc/self/exe" even if /proc is not mounted Denys Vlasenko
2009-06-24 23:21 ` Andrew Morton
2009-06-24 23:49 ` Denys Vlasenko
2009-06-24 14:51 ` Pavel Machek
2009-06-25 0:26 ` Andrew Morton
2009-06-26 8:06 ` Florian Weimer
2009-06-24 23:58 ` Al Viro [this message]
2009-06-25 0:07 ` Mike Frysinger
2009-06-26 23:18 ` Denys Vlasenko
2009-06-25 8:10 ` Alan Cox
2009-06-26 8:00 ` Denys Vlasenko
2009-06-26 13:26 ` Mike Frysinger
2009-06-26 22:55 ` Denys Vlasenko
2009-06-28 19:31 ` Mike Frysinger
2009-06-25 18:02 ` Eric W. Biederman
2009-06-25 18:16 ` Mike Frysinger
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20090624235856.GZ8633@ZenIV.linux.org.uk \
--to=viro@zeniv.linux.org.uk \
--cc=akpm@linux-foundation.org \
--cc=linux-kernel@vger.kernel.org \
--cc=vapier@gentoo.org \
--cc=vda.linux@googlemail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.