From: Al Viro <viro@zeniv.linux.org.uk>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: Kees Cook <kees@kernel.org>,
linux-kernel@vger.kernel.org,
Christophe JAILLET <christophe.jaillet@wanadoo.fr>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Nir Lichtman <nir@lichtman.org>,
Tycho Andersen <tandersen@netflix.com>,
Vegard Nossum <vegard.nossum@oracle.com>
Subject: Re: [GIT PULL] execve updates for v6.13-rc1 (take 2)
Date: Thu, 28 Nov 2024 02:05:58 +0000 [thread overview]
Message-ID: <20241128020558.GF3387508@ZenIV> (raw)
In-Reply-To: <CAHk-=wi+_a9Y8DtEp2P9RnDCjn=gd4ym_5ddSTEAadAyzy1rkw@mail.gmail.com>
On Wed, Nov 27, 2024 at 05:59:53PM -0800, Linus Torvalds wrote:
> On Wed, 27 Nov 2024 at 16:53, Kees Cook <kees@kernel.org> wrote:
> >
> > On a related note, what do you think of using execveat's "pathname"
> > argument as "comm" if AT_EMPTY_PATH is set? That'll give process
> > launchers control over comm (which is what they want), and we can keep
> > the dentry name fallback as proposed too?
>
> That's not actually how AT_EMPTY_PATH works.
>
> Yes, it's how AT_EMPTY_PATH *should* work, but despite the name,
> AT_EMPTYH_PATH does not mean "path is empty".
>
> It means "path *may* be empty - but if path isn't empty, it's a regular path".
>
> IOW, what is going on is that POSIX required that an empty path be an
> error. And AT_EMPTY_PATH is basically a "don't error out on an empty
> path" flag, not a "path *is* empty" flag.
>
> So if pathname exists and isn't empty, AT_EMPTY_PATH does nothing.
... so let's tie that to pathname _being_ empty - it's not as if it
had been hard to check.
What's more, let's allow userland pointer to be NULL - use getname_maybe_null()
and treat NULL returned by it as "we have an empty pathname".
next prev parent reply other threads:[~2024-11-28 2:06 UTC|newest]
Thread overview: 21+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-11-21 14:53 [GIT PULL] execve updates for v6.13-rc1 (take 2) Kees Cook
2024-11-25 23:40 ` Linus Torvalds
2024-11-26 5:09 ` Kees Cook
2024-11-26 20:11 ` Linus Torvalds
2024-11-26 20:12 ` Linus Torvalds
2024-11-28 0:53 ` Kees Cook
2024-11-28 1:59 ` Linus Torvalds
2024-11-28 2:05 ` Al Viro [this message]
2024-11-28 2:24 ` Linus Torvalds
2024-11-29 2:08 ` Kees Cook
2024-11-29 2:43 ` Linus Torvalds
2024-11-29 3:34 ` Al Viro
2024-11-29 4:23 ` Eric W. Biederman
2024-11-29 4:48 ` Al Viro
2024-11-29 17:00 ` Casey Schaufler
2024-11-29 19:33 ` Eric W. Biederman
2024-11-29 4:44 ` Linus Torvalds
2024-11-29 12:41 ` Eric W. Biederman
2024-11-29 21:42 ` Vegard Nossum
2024-11-29 22:54 ` Al Viro
2024-11-30 4:24 ` Linus Torvalds
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241128020558.GF3387508@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=christophe.jaillet@wanadoo.fr \
--cc=ebiederm@xmission.com \
--cc=kees@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=nir@lichtman.org \
--cc=tandersen@netflix.com \
--cc=torvalds@linux-foundation.org \
--cc=vegard.nossum@oracle.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.