Received: by 2002:ac0:946b:0:0:0:0:0 with SMTP id j40csp1158448imj; Thu, 14 Feb 2019 02:08:51 -0800 (PST) X-Google-Smtp-Source: AHgI3IaSctSJEDVI8KFt7886fXgLMVM8Gi8xmWeLDnvpXzKyxK2Od38wjtR9UwOsMp9g7s7aNlyx X-Received: by 2002:a17:902:c05:: with SMTP id 5mr3278314pls.155.1550138931357; Thu, 14 Feb 2019 02:08:51 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1550138931; cv=none; d=google.com; s=arc-20160816; b=zDpzymBW6h09SCx+5nLAPtJpbdhMIKX4V/TF6kprCPJRBmdro7KihPdTmdgCy1equt SWbjs7XL4zk16mBPfodeBaSaAmzB39dhqvfitkkw5m7wsJtpXGHOL1+E2rEt6U9KjTGJ HXGuJ4quIJpStjJWJG28E4x78mbZqlcl2WCU3NUz6sfdIdzcRccK/QORL6T+alGaHhg7 1eRPlaV0LNu/3vCmBn25CC4eq/1DIrqBc1mxbJEQuhHlEZbbEnPYyXX2o6pnz54pCYsI hMouAawmcJ0CSbrVN4P/Y6EGgjNOhYrvQAP+c3dP+mF+lCmoIHnCpLhsHVhip139gpLZ R/eA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:cc:to:subject :message-id:date:from:references:in-reply-to:mime-version :dkim-signature; bh=9qOJOuzsi5LWpYQ5B6tsZvJhD7uF4dq82zy+Mglx5W8=; b=MJUwBg57kVIq0XKAQuyIORwYXsRI73FcI63ZFcO/tse9UJopQdvxU7tYU1W4AOEBKu 9QXoIm+gcwWRCPxj4ITKuDNxZDkDCO8ea9W1oHoVEipNzHSdmm55FHy2pK9nF3fXTBEd iBkIrfU3bZgtmWp7/GmgLvzB4owGlk+uY5FgL1LnM2mLEZj3UyI8E1mTJWcZBKdn1mfd Es3tyT4c9kA3EXXFx5U10q3sUmQtL+MJx2JPWGK08r1+itBLevKga9JqOvi6d2F+ZFCf /HroAI2QFtN2NBgoBGSXs349eoHqtD7S2ehksn2XJtdjN+m0iYZuZjY7u2cKTQjXwwVw mgxA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@dionne-riel-com.20150623.gappssmtp.com header.s=20150623 header.b=SpU8nQc3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id m39si2084330plg.315.2019.02.14.02.08.35; Thu, 14 Feb 2019 02:08:51 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@dionne-riel-com.20150623.gappssmtp.com header.s=20150623 header.b=SpU8nQc3; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727390AbfBNAlZ (ORCPT + 99 others); Wed, 13 Feb 2019 19:41:25 -0500 Received: from mail-lf1-f67.google.com ([209.85.167.67]:43454 "EHLO mail-lf1-f67.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727236AbfBNAlW (ORCPT ); Wed, 13 Feb 2019 19:41:22 -0500 Received: by mail-lf1-f67.google.com with SMTP id j1so3215094lfb.10 for ; Wed, 13 Feb 2019 16:41:20 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=dionne-riel-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=9qOJOuzsi5LWpYQ5B6tsZvJhD7uF4dq82zy+Mglx5W8=; b=SpU8nQc33J+OtOY7JfZK7igtMy8OtnKm+Q9m6VZRr3yD2HiPfJHk/7F5Qi/EcY40pm EOafe5WuLe1r3YnHPVsojJHyIrkt23VSBc/Z2PbjjVv/v8I41+qh5855ht3RJ48jw42c KQf+jCbx3Al2HfM8tIX/0JstVU2U+fhe91QmzT++ozQRK9MfywBkdwSeuahH6b/WQQKl tvUnYUj5Z0RdCxf0IRZP98X3nKd7DAOzCkN2I+RbOuF3drdh1Hv0EsAvY1z1JGl2ZbTu G4azF7ujwdzc4vUmyBRDdegp0YYRRft5eyU+PcPoevurMWrabQsOZOWcNJq/ypdFgE6E wswg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=9qOJOuzsi5LWpYQ5B6tsZvJhD7uF4dq82zy+Mglx5W8=; b=THINzCh0qdFp5y4KDkIhk3YCQEzybNoK/79XgoHSoJc39DoZYBJWPTB6Sy/04j0OmP JAfYX2KNy4NKH7hJNFImgPgHpereew4Qm4kgkA9clUGAea/lVindybCjVvqF1NXdx5gM sd2AtMkdZQA4xbX9w/jQstKPC4Q/tOP0mPZKsBXyYFeUb2ArAqPHY9fy7uM67W9f70Qi 2Z7kl93LYchnDQBfX5flNse/Ir6RmqV1k+2OvJWU9CWygN2w29K4RJqck691UG8tv0nr Q5V87oK8ZgwHJOwyBLLSpDI3TEMv4QNnkpWawM8jFd95EjiV8o6HCYWMv5JtJHzxA8cf RR8g== X-Gm-Message-State: AHQUAuYMPywmtRtuRmC/ddMW2CHhOi5TiTh9Jr8OpHmn1JK/WFf9Itmf 8si5uNBVpcYdwIbBJDjPaANJbmf5Xg8y6Lq1s7lmMA== X-Received: by 2002:a19:5013:: with SMTP id e19mr509928lfb.89.1550104879818; Wed, 13 Feb 2019 16:41:19 -0800 (PST) MIME-Version: 1.0 Received: by 2002:ab3:5612:0:0:0:0:0 with HTTP; Wed, 13 Feb 2019 16:41:18 -0800 (PST) In-Reply-To: References: From: Samuel Dionne-Riel Date: Wed, 13 Feb 2019 19:41:18 -0500 Message-ID: Subject: Re: Userspace regression in LTS and stable kernels To: Richard Weinberger Cc: LKML , Linus Torvalds , graham@grahamc.com, Oleg Nesterov , Kees Cook , mhocko@suse.com, Andrew Morton Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Thanks for CC'ing relevant folks. On 13/02/2019, Richard Weinberger wrote: > [CC'in relevant folks] > > On Thu, Feb 14, 2019 at 12:19 AM Samuel Dionne-Riel > wrote: >> >> Here is an example shebang causing an issue: >> >> #! /nix/store/mbwav8kz8b3y471wjsybgzw84mrh4js9-perl-5.28.1/bin/perl >> -I/nix/store/x6yyav38jgr924nkna62q3pkp0dgmzlx-perl5.28.1-File-Slurp-9999= .25/lib/perl5/site_perl >> -I/nix/store/ha8v67sl8dac92r9z07vzr4gv1y9nwqz-perl5.28.1-Net-DBus-1.1.0/= lib/perl5/site_perl >> -I/nix/store/dcrkvnjmwh69ljsvpbdjjdnqgwx90a9d-perl5.28.1-XML-Parser-2.44= /lib/perl5/site_perl >> -I/nix/store/rmji88k2zz7h4zg97385bygcydrf2q8h-perl5.28.1-XML-Twig-3.52/l= ib/perl5/site_perl > > This this ever work correctly? It is longer than BINPRM_BUF_SIZE. > Yes, this is longer than BINPRM_BUF_SIZE. This worked when the interpreter knew to re-read the shebang, which among other interpreters, perl did. https://perl5.git.perl.org/perl.git/blob/04db542212fdad3a62f13afe741c99028f= 4bf799:/toke.c#l5524 >> (The shebang was artificially wrapped spaces replaced by newlines) >> >> Another contributor tracked the regression it to commit >> 8099b047ecc431518b9bb6bdbba3549bbecdc343 in the 5.0-rc* tree. >> >> I bring no particular fix to the issue, but I believe it should at >> least be fast-tracked to a revert for the stable and LTS branches, and >> since 5.0 might drop soon, a solution worked on, or possibly a revert >> until one is figured out. > > Your shebang line exceeds BINPRM_BUF_SIZE. > Before the said commit the kernel silently truncated the shebang line > (and corrupted it), > now it tells the user that the line is too long. > Yes, the shebang line exceeds BINPRM_BUF_SIZE. Before, the interpreter was still used (assuming it wasn't cut by the length), and the interpreter was free to re-read the shebang if desired. With the new behaviour, instead of executing the interpreter with a possibly truncated command line, the default script interpreter is used, meaning that the perl script is being interpreted by the wrong interpreter, giving copious amounts of irrelevant errors. This is not telling the user that the line is too long. This provably breaks the userland as under 4.14.98 the perl interpreter is used when running the script, and under 4.14.99 bash is used when running the script. For a given script with a shebang of #!(124*A)ZBBB: The behaviour as of before the regression: sh: ./foolish: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAZ: bad interpreter: No such file or directory As expected, it cuts the shebang. The behaviour following the change is the script ends up being executed by the shell interpreter, as if there was no shebang, and +x. Quoted from `man 3 exec` > If the header of a file isn't recognized (the attempted execve(2) failed = with the error ENOEXEC), these functions will execute the shell (/bin/sh) w= ith the path of the file as its first argument. (If this attempt fails, no = further searching is done.) The now returned ENOEXEC might be "more right", but changes the semantics of a truncated shebang. Here I am not debating the validity of using a truncated shebang, but showing that the userspace behaviour changed in an unexpected and breaking behaviour. Am I under a wrong assumption that the kernel shouldn't break userspace? --=20 =E2=80=94 Samuel Dionne-Riel