Subject: Re: [PATCH v2] prctl: remove one-shot limitation for changing exe link
From: Stanislav Kinsburskiy
Date: Thu, 20 Oct 2016 17:00:25 +0200
Message-ID: <6351f37a-668e-3f22-9c77-176f4fad9b47@virtuozzo.com>
In-Reply-To: <20160927153755.9337.69650.stgit@localhost.localdomain>
X-Mailing-List: linux-kernel@vger.kernel.org

Gentlemen, ping.

Let's decide something, how to get rid of this strange solution.
It doesn't provide the security it was aimed to, looks ugly and obfuscates the user of the feature.
It looks like it can be just thrown away.
But if not, please, advise, what should be changed to make it safe and solid.

27.09.2016 17:39, Stanislav Kinsburskiy wrote:
> This limitation came with the reason to remove "another
> way for malicious code to obscure a compromised program and
> masquerade as a benign process" by allowing "security-conscious program can use
> this prctl once during its early initialization to ensure the prctl cannot
> later be abused for this purpose":
>
> http://marc.info/?l=linux-kernel&m=133160684517468&w=2
>
> This explanation doesn't look sufficient.
> The only thing "exe" link is indicating is the file, used to execve, which is
> basically nothing and not reliable immediately after process has returned from
> execve system call.
>
> Moreover, to use this feature, all the mappings to previous exe file have to be
> unmapped and all the new exe file permissions must be satisfied.
>
> Which means, that changing exe link is very similar to calling execve on the
> binary.
>
> The need to remove this limitation comes from migration of NFS mount point,
> which is not accessible during restore and replaced by other file system.
> Because of this exe link has to be changed twice.
>
> v2:
> Rebased on current linux-next
> de
> --- > include/linux/sched.h | 4 +++- > kernel/sys.c | 10 ---------- > 2 files changed, 3 insertions(+), 11 deletions(-) > > diff --git a/include/linux/sched.h b/include/linux/sched.h > index a1c9b42..ad48b7d 100644 > --- a/include/linux/sched.h > +++ b/include/linux/sched.h
> @@ -520,7 +520,9 @@ static inline int get_dumpable(struct mm_struct *mm) > /* leave room for more dump flags */ > #define MMF_VM_MERGEABLE 16 /* KSM may merge identical pages */ > #define MMF_VM_HUGEPAGE 17 /* set when VM_HUGEPAGE is set on vma */ > -#define MMF_EXE_FILE_CHANGED 18 /* see prctl_set_mm_exe_file() */ > +/* This ine-shot flag is droped due to necessivity of changing exe once again > + * on NFS restore */ > +//#define MMF_EXE_FILE_CHANGED 18 /* see prctl_set_mm_exe_file() */ > > #define MMF_HAS_UPROBES 19 /* has uprobes */ > #define MMF_RECALC_UPROBES 20 /* MMF_HAS_UPROBES can be wrong */ > diff --git a/kernel/sys.c b/kernel/sys.c > index 89d5be4..fd6f508 100644 > --- a/kernel/sys.c > +++ b/kernel/sys.c > @@ -1696,16 +1696,6 @@ static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd) > fput(exe_file); > } > > - /* > - * The symlink can be changed only once, just to disallow arbitrary > - * transitions malicious software might bring in. This means one > - * could make a snapshot over all processes running and monitor > - * /proc/pid/exe changes to notice unusual activity if needed. > - */ > - err = -EPERM; > - if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags)) > - goto exit; > - > err = 0; > /* set the new file, lockless */ > get_file(exe.file); >
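
Review bot: In the include/linux/sched.h hunk, MMF_EXE_FILE_CHANGED is commented out with a C++-style "//" rather than deleted, which leaves dead code in a core header and does not follow the kernel's /* ... */ comment style. Remove the #define line outright and keep the NFS-restore rationale in the changelog; if a comment is kept to mark bit 18 as unused, it should say exactly that and have its spelling fixed ("ine-shot", "droped", "necessivity").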
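
Review bot: In the kernel/sys.c hunk, the deleted comment documents a property that monitoring may depend on (snapshot all processes and watch /proc/pid/exe for changes), and the patch does not say what bounds the operation once the test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags) check is gone. The changelog should name the checks that remain in prctl_set_mm_exe_file() (it mentions that all mappings of the previous exe file must be unmapped and the new file's permissions satisfied) and state that the exe link can now change any number of times, and any user-facing description of the one-time rule should be updated in the same series.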
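
The monitoring approach named in the comment that the kernel/sys.c hunk removes (snapshot all processes, then watch /proc/pid/exe for changes), written out as an added example for defenders; it is not code from the patch or from anyone in the thread. The function names and the `proc_root` parameter are assumptions made here so the logic can be run against a constructed directory tree as well as the real /proc.

```python
import os

DELETED = " (deleted)"  # suffix the kernel appends once the binary is unlinked


def snapshot(proc_root="/proc"):
    """Map (pid, starttime) -> exe link target for every readable process."""
    snap = {}
    for name in os.listdir(proc_root):
        if not name.isdigit():
            continue
        base = os.path.join(proc_root, name)
        try:
            with open(os.path.join(base, "stat")) as f:
                stat = f.read()
            # comm (field 2) may contain spaces or ')': split after the last ')'.
            fields = stat[stat.rindex(")") + 2:].split()
            starttime = int(fields[19])  # field 22 of /proc/<pid>/stat
            exe = os.readlink(os.path.join(base, "exe"))
        except (OSError, ValueError, IndexError):
            continue  # exited meanwhile, kernel thread (no exe), or no permission
        if exe.endswith(DELETED):
            # A binary replaced on disk (package upgrade) is not an exe change.
            exe = exe[: -len(DELETED)]
        snap[(int(name), starttime)] = exe
    return snap


def exe_changes(before, after):
    """Return (pid, old_exe, new_exe) for processes present in both snapshots.

    Keying on (pid, starttime) keeps a recycled pid from looking like a change.
    An ordinary execve() also changes the link while pid and starttime stay the
    same, so every hit still has to be correlated with exec events (for example
    from audit logs) before it is treated as a prctl-driven change.
    """
    return sorted(
        (pid, before[(pid, st)], after[(pid, st)])
        for (pid, st) in before.keys() & after.keys()
        if before[(pid, st)] != after[(pid, st)]
    )
```
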