From: Kees Cook
Date: Wed, 3 Jan 2018 09:21:41 -0800
Subject: Re: [PATCH] exec: Weaken dumpability for secureexec
To: Tom Horsley
Cc: "Serge E. Hallyn", Linus Torvalds, Laura Abbott, David Howells, James Morris, LKML
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Jan 3, 2018 at 4:11 AM, Tom Horsley wrote:
> On Wed, 3 Jan 2018 01:04:44 -0600
> Serge E. Hallyn wrote:
>
>> > This weakens dumpability back to checking only for uid/gid changes in
>> > current (which is useless), but userspace depends on dumpability not
>> > being tied to secureexec.
>> >
>> > https://bugzilla.redhat.com/show_bug.cgi?id=1528633
>> >
>> > Reported-by: Tom Horsley
>>
>> Seems right, any chance we could get a tested-by: Tom? (Did we already
>> get that?)
>
> I didn't test it myself, but all I'd do is run the test program
> I've attached to the bugzilla above which is trivial compared
> to be learning how to patch and build kernels. So it would be
> much simpler for someone with the kernel already built to
> extract the tarball and type make :-).

This is what I did to verify it. Thank you very much for the test case!

-Kees

-- 
Kees Cook
Pixel Security