From: Kees Cook <keescook@chromium.org>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Linus Torvalds <torvalds@linux-foundation.org>,
Bernd Edlinger <bernd.edlinger@hotmail.de>,
Linux Kernel Mailing List <linux-kernel@vger.kernel.org>,
Alexey Gladkov <gladkov.alexey@gmail.com>,
Oleg Nesterov <oleg@redhat.com>, Jann Horn <jannh@google.com>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
Date: Tue, 7 Apr 2020 08:58:41 -0700 [thread overview]
Message-ID: <202004070858.4644D9F529@keescook> (raw)
In-Reply-To: <87o8s43wuq.fsf_-_@x220.int.ebiederm.org>
On Mon, Apr 06, 2020 at 08:31:25PM -0500, Eric W. Biederman wrote:
>
> In 2016 Linus moved install_exec_creds immediately after
> setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
> potential information leak.
>
> Perform the same cleanup for the other binary formats.
>
> Different binary formats doing the same things the same way makes exec
> easier to reason about and easier to maintain.
>
> Putting install_exec_creds immediate after setup_new_exec makes many
> simplifications possible in the code.
>
> Ref: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Acked-by: Kees Cook <keescook@chromium.org>
-Kees
> ---
> arch/x86/ia32/ia32_aout.c | 3 +--
> fs/binfmt_aout.c | 2 +-
> fs/binfmt_elf_fdpic.c | 2 +-
> fs/binfmt_flat.c | 3 +--
> 4 files changed, 4 insertions(+), 6 deletions(-)
>
> diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c
> index 9bb71abd66bd..37b36a8ce5fa 100644
> --- a/arch/x86/ia32/ia32_aout.c
> +++ b/arch/x86/ia32/ia32_aout.c
> @@ -140,6 +140,7 @@ static int load_aout_binary(struct linux_binprm *bprm)
> set_personality_ia32(false);
>
> setup_new_exec(bprm);
> + install_exec_creds(bprm);
>
> regs->cs = __USER32_CS;
> regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 =
> @@ -156,8 +157,6 @@ static int load_aout_binary(struct linux_binprm *bprm)
> if (retval < 0)
> return retval;
>
> - install_exec_creds(bprm);
> -
> if (N_MAGIC(ex) == OMAGIC) {
> unsigned long text_addr, map_size;
>
> diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c
> index 8e8346a81723..ace587b66904 100644
> --- a/fs/binfmt_aout.c
> +++ b/fs/binfmt_aout.c
> @@ -162,6 +162,7 @@ static int load_aout_binary(struct linux_binprm * bprm)
> set_personality(PER_LINUX);
> #endif
> setup_new_exec(bprm);
> + install_exec_creds(bprm);
>
> current->mm->end_code = ex.a_text +
> (current->mm->start_code = N_TXTADDR(ex));
> @@ -174,7 +175,6 @@ static int load_aout_binary(struct linux_binprm * bprm)
> if (retval < 0)
> return retval;
>
> - install_exec_creds(bprm);
>
> if (N_MAGIC(ex) == OMAGIC) {
> unsigned long text_addr, map_size;
> diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
> index 240f66663543..6c94c6d53d97 100644
> --- a/fs/binfmt_elf_fdpic.c
> +++ b/fs/binfmt_elf_fdpic.c
> @@ -353,6 +353,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
> current->personality |= READ_IMPLIES_EXEC;
>
> setup_new_exec(bprm);
> + install_exec_creds(bprm);
>
> set_binfmt(&elf_fdpic_format);
>
> @@ -434,7 +435,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
> current->mm->start_stack = current->mm->start_brk + stack_size;
> #endif
>
> - install_exec_creds(bprm);
> if (create_elf_fdpic_tables(bprm, current->mm,
> &exec_params, &interp_params) < 0)
> goto error;
> diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c
> index 831a2b25ba79..1a1d1fcb893f 100644
> --- a/fs/binfmt_flat.c
> +++ b/fs/binfmt_flat.c
> @@ -541,6 +541,7 @@ static int load_flat_file(struct linux_binprm *bprm,
> /* OK, This is the point of no return */
> set_personality(PER_LINUX_32BIT);
> setup_new_exec(bprm);
> + install_exec_creds(bprm);
> }
>
> /*
> @@ -963,8 +964,6 @@ static int load_flat_binary(struct linux_binprm *bprm)
> }
> }
>
> - install_exec_creds(bprm);
> -
> set_binfmt(&flat_format);
>
> #ifdef CONFIG_MMU
> --
> 2.25.0
>
--
Kees Cook
next prev parent reply other threads:[~2020-04-07 15:58 UTC|newest]
Thread overview: 128+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <87blobnq02.fsf@x220.int.ebiederm.org>
2020-04-02 19:04 ` [GIT PULL] Please pull proc and exec work for 5.7-rc1 Linus Torvalds
2020-04-02 19:31 ` Bernd Edlinger
2020-04-02 19:52 ` Linus Torvalds
2020-04-02 20:59 ` Bernd Edlinger
2020-04-02 21:46 ` Linus Torvalds
2020-04-02 23:01 ` Eric W. Biederman
2020-04-02 23:42 ` Bernd Edlinger
2020-04-02 23:45 ` Eric W. Biederman
2020-04-02 23:49 ` Bernd Edlinger
2020-04-02 23:45 ` Linus Torvalds
2020-04-02 23:44 ` Linus Torvalds
2020-04-03 0:05 ` Eric W. Biederman
2020-04-07 1:29 ` [RFC][PATCH 0/3] exec_update_mutex related cleanups Eric W. Biederman
2020-04-07 1:31 ` [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf Eric W. Biederman
2020-04-07 15:58 ` Kees Cook [this message]
2020-04-07 16:11 ` Christian Brauner
2020-04-08 17:25 ` Linus Torvalds
2020-04-08 19:51 ` Eric W. Biederman
2020-04-07 1:31 ` [PATCH 2/3] exec: Make unlocking exec_update_mutex explict Eric W. Biederman
2020-04-07 16:02 ` Kees Cook
2020-04-07 16:17 ` Christian Brauner
2020-04-07 16:21 ` Eric W. Biederman
2020-04-07 1:32 ` [PATCH 3/3] exec: Rename the flag called_exec_mmap point_of_no_return Eric W. Biederman
2020-04-07 16:03 ` Kees Cook
2020-04-07 16:21 ` Christian Brauner
2020-04-07 16:22 ` [RFC][PATCH 0/3] exec_update_mutex related cleanups Christian Brauner
2020-04-08 17:26 ` Linus Torvalds
2020-04-03 5:09 ` [GIT PULL] Please pull proc and exec work for 5.7-rc1 Bernd Edlinger
2020-04-03 19:26 ` Linus Torvalds
2020-04-03 20:41 ` Waiman Long
2020-04-03 20:59 ` Linus Torvalds
2020-04-03 23:16 ` Waiman Long
2020-04-03 23:23 ` Waiman Long
2020-04-04 1:30 ` Linus Torvalds
2020-04-04 2:02 ` Waiman Long
2020-04-04 2:28 ` Linus Torvalds
2020-04-04 6:34 ` Bernd Edlinger
2020-04-05 6:34 ` Bernd Edlinger
2020-04-05 19:35 ` Linus Torvalds
2020-04-05 2:42 ` Waiman Long
2020-04-05 3:35 ` Bernd Edlinger
2020-04-05 3:45 ` Waiman Long
2020-04-06 13:13 ` Will Deacon
2020-04-04 4:23 ` Bernd Edlinger
2020-04-06 22:17 ` Eric W. Biederman
2020-04-07 19:50 ` Linus Torvalds
2020-04-07 20:29 ` Bernd Edlinger
2020-04-07 20:47 ` Linus Torvalds
2020-04-08 15:14 ` Eric W. Biederman
2020-04-08 15:21 ` Bernd Edlinger
2020-04-08 16:34 ` Linus Torvalds
2020-04-09 14:58 ` Eric W. Biederman
2020-04-09 15:15 ` Bernd Edlinger
2020-04-09 16:15 ` Linus Torvalds
2020-04-09 16:24 ` Linus Torvalds
2020-04-09 17:03 ` Eric W. Biederman
2020-04-09 17:17 ` Bernd Edlinger
2020-04-09 17:37 ` Linus Torvalds
2020-04-09 17:46 ` Bernd Edlinger
2020-04-09 18:36 ` Linus Torvalds
2020-04-09 19:42 ` Linus Torvalds
2020-04-09 19:57 ` Bernd Edlinger
2020-04-09 20:04 ` Linus Torvalds
2020-04-09 20:36 ` Bernd Edlinger
2020-04-09 21:00 ` Eric W. Biederman
2020-04-09 21:17 ` Linus Torvalds
2020-04-09 23:52 ` Bernd Edlinger
2020-04-10 0:30 ` Linus Torvalds
2020-04-10 0:32 ` Linus Torvalds
2020-04-11 4:07 ` Bernd Edlinger
2020-04-11 18:20 ` Oleg Nesterov
2020-04-11 18:29 ` Linus Torvalds
2020-04-11 18:31 ` Linus Torvalds
2020-04-11 19:15 ` Bernd Edlinger
2020-04-11 20:07 ` Linus Torvalds
2020-04-11 21:16 ` Bernd Edlinger
[not found] ` <CAHk-=wgWHkBzFazWJj57emHPd3Dg9SZHaZqoO7-AD+UbBTJgig@mail.gmail.com>
2020-04-11 21:57 ` Linus Torvalds
2020-04-12 6:01 ` Bernd Edlinger
2020-04-12 19:50 ` Oleg Nesterov
2020-04-12 20:14 ` Linus Torvalds
2020-04-28 2:56 ` Bernd Edlinger
2020-04-28 17:07 ` Linus Torvalds
2020-04-28 19:08 ` Oleg Nesterov
2020-04-28 20:35 ` Linus Torvalds
2020-04-28 21:06 ` Jann Horn
2020-04-28 21:36 ` Linus Torvalds
2020-04-28 21:53 ` Jann Horn
2020-04-28 22:14 ` Linus Torvalds
2020-04-28 23:36 ` Jann Horn
2020-04-29 17:58 ` Linus Torvalds
2020-04-29 18:33 ` Jann Horn
2020-04-29 18:57 ` Linus Torvalds
2020-04-29 19:23 ` Bernd Edlinger
2020-04-29 19:26 ` Jann Horn
2020-04-29 20:19 ` Bernd Edlinger
2020-04-29 21:06 ` Jann Horn
2020-04-29 22:38 ` Linus Torvalds
2020-04-29 23:22 ` Linus Torvalds
2020-04-29 23:59 ` Jann Horn
2020-04-30 1:08 ` Bernd Edlinger
2020-04-30 2:20 ` Linus Torvalds
2020-04-30 3:00 ` Jann Horn
2020-04-30 3:25 ` Linus Torvalds
2020-04-30 3:41 ` Jann Horn
2020-04-30 3:50 ` Linus Torvalds
2020-04-30 13:37 ` Linus Torvalds
2020-04-30 2:16 ` Linus Torvalds
2020-04-30 13:39 ` Bernd Edlinger
2020-04-30 13:47 ` Linus Torvalds
2020-04-30 14:29 ` Bernd Edlinger
2020-04-30 16:40 ` Linus Torvalds
2020-05-02 4:11 ` Bernd Edlinger
2025-08-24 22:28 ` Bernd Edlinger
2020-04-09 17:36 ` Linus Torvalds
2020-04-09 20:34 ` Eric W. Biederman
2020-04-09 20:56 ` Linus Torvalds
2020-04-02 23:02 ` Bernd Edlinger
2020-04-02 23:22 ` Bernd Edlinger
2020-04-03 7:38 ` Bernd Edlinger
2020-04-03 16:00 ` Bernd Edlinger
2020-04-03 15:09 ` Bernd Edlinger
2020-04-03 16:23 ` Linus Torvalds
2020-04-03 16:36 ` Bernd Edlinger
2020-04-04 5:43 ` Bernd Edlinger
2020-04-04 5:48 ` Bernd Edlinger
2020-04-06 6:41 ` Bernd Edlinger
2020-04-10 13:03 ` [GIT PULL] proc fix " Eric W. Biederman
2020-04-10 20:40 ` pr-tracker-bot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202004070858.4644D9F529@keescook \
--to=keescook@chromium.org \
--cc=bernd.edlinger@hotmail.de \
--cc=christian.brauner@ubuntu.com \
--cc=ebiederm@xmission.com \
--cc=gladkov.alexey@gmail.com \
--cc=jannh@google.com \
--cc=linux-kernel@vger.kernel.org \
--cc=oleg@redhat.com \
--cc=torvalds@linux-foundation.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox