From: Domenico Andreoli <domenico.andreoli@linux.com>
To: Kees Cook <keescook@chromium.org>
Cc: Eric Biederman <ebiederm@xmission.com>, linux-kernel@vger.kernel.org
Subject: Re: [PATCH] binfmt_misc: add two-steps registration (opt-in)
Date: Thu, 10 Mar 2022 18:44:33 +0100
Message-ID: <Yio5AY0KqohZkXOe@localhost>
In-Reply-To: <202203100811.F2B43DD@keescook>

On Thu, Mar 10, 2022 at 08:13:25AM -0800, Kees Cook wrote:
> On Tue, Mar 01, 2022 at 02:28:22PM +0100, Domenico Andreoli wrote:
> > From: Domenico Andreoli <domenico.andreoli@linux.com>
> > 
> > Experimenting with new interpreter configurations can lead to annoying
> > failures, when the system is left unable to load ELF binaries power
> > cycling is the only way to get it back operational.
> > 
> > This patch tries to mitigate such conditions by adding an opt-in
> > two-steps registration.
> > 
> > A new optional field is added to the configuration string, it's an
> > expiration interval for the newly added interpreter. If the user is
> > not able to confirm in time, possibly because the system is broken,
> > the new interpreter is automatically disabled.
> 
> Hi!

Hi!

> 
> As this both changes the userspace API and adds timers, I'd like the

Right but 1. it's backward compatible, 2. it fails on unsupporting
kernels.

Out of curiosity: I understand why API changes require care, but what's
so special about the timers?

> change to be really well justified. Can you explain the conditions you
> get into that can't be escaped by just disabling the bad binfmt_misc
> entry?

It happened when I somehow messed up the ELF loader of my system,
it was the very first time I tried to manually configure qemu-user-static
for a foreign architecture.

Suddenly I could not do anything, no ls, no cat. Did not realize that
my shell has built-in echo and that I could cut-and-paste the path for
disabling the bad interpreter.  I did not investigate what I did wrong
or what I could do better, I simply didn't do it again.

I just got a deeper understanding of the note in Debian's update-binfmts
manpage:

  If you're not careful, you can break your system with update-binfmts.
  An easy way to do this is to register an ELF binary as a handler for
  ELF, which will almost certainly cause your system to hang immediately;
  even if it doesn't, you won't be able to run update-binfmts to fix it.

I shot myself in the foot and I thought the API could be made a bit more
friendly.

Thanks,
Dom

> 
> -Kees
> 
> -- 
> Kees Cook

-- 
rsa4096: 3B10 0CA1 8674 ACBA B4FE  FCD2 CE5B CF17 9960 DE13
ed25519: FFB4 0CC3 7F2E 091D F7DA  356E CC79 2832 ED38 CB05
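
A pre-flight check for the failure mode the quoted update-binfmts note describes, as an added example that is not part of this message or of the patch: it parses a registration string in the standard binfmt_misc `:name:type:offset:magic:mask:interpreter:flags` format and tests whether the rule would claim the host's own ELF binaries. The rule strings, ELF header bytes and interpreter path are constructed samples, and the optional expiration field proposed by the patch is not modelled.

```python
import re

def unescape_hex(field: str) -> bytes:
    r"""Decode \xHH escapes as used in binfmt_misc magic and mask fields."""
    return re.sub(rb"\\x([0-9a-fA-F]{1,2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  field.encode("latin-1"))

def parse_rule(rule: str) -> dict:
    """Split a registration string on its own delimiter (its first character)."""
    parts = rule[1:].split(rule[0])
    if len(parts) < 6:
        raise ValueError("expected at least 6 fields")
    name, kind, offset, magic, mask, interp = parts[:6]
    magic_b = unescape_hex(magic)
    # An empty mask means every bit of the magic is compared.
    mask_b = unescape_hex(mask) if mask else b"\xff" * len(magic_b)
    if kind == "M" and len(mask_b) != len(magic_b):
        raise ValueError("mask and magic differ in length")
    return {"name": name, "type": kind, "offset": int(offset or 0),
            "magic": magic_b, "mask": mask_b, "interpreter": interp}

def captures(rule: str, header: bytes) -> bool:
    """True if a magic ('M') rule would claim a file that starts with `header`."""
    r = parse_rule(rule)
    if r["type"] != "M" or not r["magic"]:
        return False
    window = header[r["offset"]:r["offset"] + len(r["magic"])]
    if len(window) < len(r["magic"]):
        return False
    # Masked comparison: only bits set in the mask have to agree.
    return all(((h ^ m) & k) == 0
               for h, m, k in zip(window, r["magic"], r["mask"]))

# Constructed sample data (not from the thread): first 20 bytes of ELF headers.
HOST_X86_64 = b"\x7fELF\x02\x01\x01\x00" + bytes(8) + b"\x03\x00\x3e\x00"
GUEST_AARCH64 = b"\x7fELF\x02\x01\x01\x00" + bytes(8) + b"\x02\x00\xb7\x00"
# Constructed rule whose magic is only the generic ELF signature.
TOO_BROAD = r":broken:M::\x7fELF::/usr/bin/qemu-aarch64-static:"
# Constructed rule pinned to 64-bit little-endian AArch64 (e_machine 0xb7).
MAGIC = r"\x7fELF\x02\x01\x01\x00" + r"\x00" * 8 + r"\x02\x00\xb7\x00"
MASK = r"\xff" * 7 + r"\x00" + r"\xff" * 8 + r"\xfe\xff\xff\xff"
PINNED = f":qemu-aarch64:M::{MAGIC}:{MASK}:/usr/bin/qemu-aarch64-static:"

if __name__ == "__main__":
    for label, rule in (("too broad", TOO_BROAD), ("pinned", PINNED)):
        print(label, "claims host ELF:", captures(rule, HOST_X86_64))
```

A rule for which `captures()` is true on the host's own header is the one to refuse before it is written to the `register` file.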
