From: Kees Cook
Date: Wed, 13 Feb 2019 17:35:17 -0800
Subject: Re: Userspace regression in LTS and stable kernels
To: Samuel Dionne-Riel
Cc: Richard Weinberger, LKML, Linus Torvalds, Graham Christensen, Oleg Nesterov, Michal Hocko, Andrew Morton
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Feb 13, 2019 at 5:27 PM Samuel Dionne-Riel wrote:
> If I understand right, you're asking whether it should return NOEXEC
> if, of the first 128 bytes of the shebang, there are no spaces, but a
> too long shebang? I wouldn't know for sure. The behaviour would
> change. Instead of failing due to trying to execute a shortened path, it
> would fall back to the shell interpreter interpreting the file, which,
> due to the inclusion of a specific shebang, might be a wrong
> assumption still. Here I believe it's still in the "undefined
> behaviour" territory, but one where it fails early for the userspace.
The original problem that was trying to be fixed here was to disallow
execution of a truncated interpreter path. It was assumed argument
truncation was just as bad, but it's not, since the interpreter can (and
does!) re-read the script to get the right arguments.

So, I've sent a fix-up patch that should disallow the path truncation,
but pass through the argument truncation as before. This passes all the
tests I built:

$ ls -l /AAA*/perl
-rwxr-xr-x 1 root root 129 Feb 13 17:17 /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl
-rwxr-xr-x 1 root root 129 Feb 13 17:17 /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl
-rwxr-xr-x 1 root root 129 Feb 13 17:17 /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl
-rwxr-xr-x 1 root root 129 Feb 13 17:17 /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl
-rwxr-xr-x 1 root root 129 Feb 13 17:17 /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl
$ ./test.pl
Arg # 0 : /nix/store/mbwav8kz8b3y471wjsybgzw84mrh4js9-perl-5.28.1/bin/perl
Arg # 1 : -I/nix/store/x6yyav38jgr924nkna62q3pkp0dgmzlx-perl5.28.1-Fi
Arg # 2 : ./test.pl
$ ./AAAA.pl
Error: no such file "I should fail to run huge interp\n"
$ ./A128.pl
Error: no such file "I should fail to run 128 byte buf interp\n"
$ ./A127.pl
Error: no such file "I should fail to run 127 byte buf interp\n"
$ ./A126.pl
Arg # 0 : '/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl'
Arg # 1 : './A126.pl'
$ ./A125space.pl
Arg # 0 : '/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/perl'
Arg # 1 : './A125space.pl'

Are you able to test the patch and report back?

Thanks again for bringing this to our attention!

-- 
Kees Cook
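The policy Kees describes above (reject a "#!" line whose interpreter path may have been cut off by the 128-byte buffer, but tolerate cut-off interpreter arguments because the interpreter re-reads the script itself) modelled as an added user-space C example. This is not the kernel's binfmt_script code and not the fix-up patch; the function names, the constructed inputs and the assumption that the last byte of the buffer is reserved as a terminator (chosen so that a 126-byte line parses while 127- and 128-byte lines are rejected, as in the A126/A127/A128 results) are mine.

```c
/* Added example: user-space model of the shebang policy, not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define BINPRM_BUF_SIZE 128            /* bytes of a script the loader sees */

static int spacetab(char c) { return c == ' ' || c == '\t'; }

/*
 * Parse the "#!" line in the first `len` bytes of `script`.
 * Returns 0 and fills `interp`/`args` on success, -ENOEXEC when there is
 * no "#!" line or when the interpreter path may have been cut off.
 * A truncated path must never be executed; truncated arguments are fine
 * because the interpreter re-reads the script for the real argument list.
 */
int parse_shebang(const char *script, size_t len, char *interp,
		  size_t interp_sz, char *args, size_t args_sz)
{
	char buf[BINPRM_BUF_SIZE], *i_start, *i_end, *p;
	char *buf_end = buf + sizeof(buf) - 1;   /* reserved as terminator */
	size_t n = len < sizeof(buf) ? len : sizeof(buf);

	memset(buf, 0, sizeof(buf));             /* short files are NUL padded */
	memcpy(buf, script, n);
	*buf_end = '\0';   /* assumption: last byte never holds line content */

	if (buf[0] != '#' || buf[1] != '!')
		return -ENOEXEC;
	i_start = buf + 2;
	while (spacetab(*i_start))
		i_start++;
	if (*i_start == '\0' || *i_start == '\n')
		return -ENOEXEC;                 /* "#!" with nothing after it */

	i_end = strchr(i_start, '\n');
	if (!i_end) {
		/* The line did not fit. Accept it only if the path ended
		 * (space, tab or end of file) before the buffer ran out. */
		for (p = i_start; p < buf_end; p++)
			if (spacetab(*p) || *p == '\0')
				break;
		if (p == buf_end)
			return -ENOEXEC;         /* path itself is truncated */
		i_end = buf_end;                 /* arguments end at the cut */
	}
	*i_end = '\0';
	while (i_end > i_start && spacetab(i_end[-1]))
		*--i_end = '\0';                 /* trim trailing whitespace */

	for (p = i_start; *p && !spacetab(*p); p++)
		;                                /* path ends at first space */
	if ((size_t)(p - i_start) >= interp_sz)
		return -ENAMETOOLONG;
	memcpy(interp, i_start, p - i_start);
	interp[p - i_start] = '\0';
	while (spacetab(*p))
		p++;
	if (strlen(p) >= args_sz)
		return -E2BIG;
	strcpy(args, p);
	return 0;
}

/* Constructed input mirroring the A126/A127/A128 scripts: a "#!/AAA.../perl"
 * line of exactly `line_len` bytes plus a newline. Returns 0 or -errno. */
int long_path_result(size_t line_len)
{
	char script[256], interp[256], args[64];
	size_t i;

	if (line_len < 9 || line_len >= sizeof(script))
		return -EINVAL;
	memcpy(script, "#!/", 3);
	for (i = 3; i < line_len - 5; i++)
		script[i] = 'A';
	memcpy(script + i, "/perl\n", 6);
	return parse_shebang(script, line_len + 1, interp, sizeof(interp),
			     args, sizeof(args));
}

/* Constructed input mirroring A125space.pl: a short path followed by far
 * more argument text than fits. Returns how many argument bytes survived. */
int long_args_visible(void)
{
	char script[320], interp[64], args[256];
	int ret;

	memcpy(script, "#!/bin/perl -I", 14);
	memset(script + 14, 'x', 286);
	script[300] = '\n';
	ret = parse_shebang(script, 301, interp, sizeof(interp), args, sizeof(args));
	if (ret < 0 || strcmp(interp, "/bin/perl") != 0)
		return ret < 0 ? ret : -EIO;
	return (int)strlen(args);
}

int main(void)
{
	char interp[64], args[64];
	const char s[] = "#!/usr/bin/perl -w\nprint 1;\n";   /* constructed */

	if (parse_shebang(s, sizeof(s) - 1, interp, sizeof(interp), args, sizeof(args)) == 0)
		printf("path=%s args=%s\n", interp, args);
	printf("126-byte line: %d, 127: %d, 128: %d, long args: %d bytes visible\n",
	       long_path_result(126), long_path_result(127),
	       long_path_result(128), long_args_visible());
	return 0;
}
```

The two rejections come from the same check: with no newline in the buffer and no space, tab or end of file after the path, the loader cannot tell where the path ends, so it returns -ENOEXEC rather than executing a shortened name. When a space does appear before the cut, the path is complete and only the argument string is shortened, which the interpreter recovers when it reads the script.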