Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3447144yba; Sat, 11 May 2019 10:51:03 -0700 (PDT) X-Google-Smtp-Source: APXvYqxcYG+G3kCCGNdUNFE6bWdk4F8IREruQwSurqnVuu8EjcKCFbuvZ6x8nV7i/F6ODUkrqw9p X-Received: by 2002:a62:5653:: with SMTP id k80mr22972014pfb.144.1557597063681; Sat, 11 May 2019 10:51:03 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557597063; cv=none; d=google.com; s=arc-20160816; b=Yf/aLDX0NgdDMCsV9FgFA+tIKDynDgAVopS2l6Y88xoqjez0XyWsZTyoo+iI2ycVPK K9lKATBYUZuNrEyJ9ofgCw6+MmB58J5FZbzZM6boVkTBXK0GoJOLvxRlA6fIPQfr8/lo VZE72YHp3zoiAexQNPAW1Hlltp1+qNuRigI2NLKrH5JWB3CrbriiUix5lgm8jnO/UO0G Bfy22LJT1VI1x0ShF/BKhCaZNRJo16p2gI6PKjuWJl8ns8tJUq1bY6LrV+EgH1CQB4yX 76Li+PdLN91hC+iQF5jJQ6OuLgNxQUeshHRMHoUy7ITs79TgXSs3tpL+3K2gwhSUGZff dtIA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:from:cc:to:subject :content-transfer-encoding:mime-version:references:in-reply-to :user-agent:date:dkim-signature; bh=P4y88h0juv/wSdSJ+5tYBt22omcjz7XQLON95qdiSUs=; b=VY1Owc7tDbAQBc5kEUWl0pRC/REtC1v8ZkiVrIOl9vfE+v2vOB32RYpJxOJ22V88t4 zjFIo3aRLQfV3pZqcp/UhfJ8N6OQmZEnXOB0SQQU/fdVFweAhXDgJaIv/GeN47+xuQT1 ZzhE0ieFnkiaJ28dbD81dlv9lyOwwaGQZFlUdnN4OqQChX4UgGlZjo5lJFAcXfPNPVil SykFEi6o0Tb1SviKjFq+SqmVMRubekkYD49ljK0H94+/9THw97RStsPLESLIQcIoujRP 2iS2pe1AIolO91ragxlXytyZm5ozohT2NAw9LQIQWGqS3Fb0H2lcpE9tl5wBDnohSXyF aa4g== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@brauner.io header.s=google header.b=RFt36aKW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id c193si13752293pfb.71.2019.05.11.10.50.47; Sat, 11 May 2019 10:51:03 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@brauner.io header.s=google header.b=RFt36aKW; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726233AbfEKRs7 (ORCPT + 99 others); Sat, 11 May 2019 13:48:59 -0400 Received: from mail-pf1-f194.google.com ([209.85.210.194]:46874 "EHLO mail-pf1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726121AbfEKRs7 (ORCPT ); Sat, 11 May 2019 13:48:59 -0400 Received: by mail-pf1-f194.google.com with SMTP id y11so4903851pfm.13 for ; Sat, 11 May 2019 10:48:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=brauner.io; s=google; h=date:user-agent:in-reply-to:references:mime-version :content-transfer-encoding:subject:to:cc:from:message-id; bh=P4y88h0juv/wSdSJ+5tYBt22omcjz7XQLON95qdiSUs=; b=RFt36aKWzpvo0FHSxCMxH0MRXX/4bwWQVo9yhWfBqmD/Gmcl/Qspvke8IM4iMCDkLw cYMJQnRF4KleONc2nVeG53KfTjPQdB8eXF08CT9E2UEv0GJkyHzVt3nvPidolKI1C2fv CNNzthL42YeTTJbhoYAmHlRi4qc5nM9AEiqrWQ3ieuRscYJab+2nRNKf4GBnzAAm8WE3 hz/Lz0cuatbQBVxD/cFF+YI8ALATseC5tWTFIwWDV66DRAoKAXDbzftCQ26+NYzpJ3Zh hzpJPLfmck7XRJt5tU2kCyp0fF1y4r/vbdq1tLppsV5yE+VOA1RcLQKEuznbXWAQ7Kv0 1Ceg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:user-agent:in-reply-to:references :mime-version:content-transfer-encoding:subject:to:cc:from :message-id; bh=P4y88h0juv/wSdSJ+5tYBt22omcjz7XQLON95qdiSUs=; b=oR8BMplDNJf722KJyA5j3yQUXHu/TSuB8xOMjxzavvKA7eW6WfV9OshpfiBlT/+bQ9 KOS+RYIbw2bJXy+abIEJ3JXcqozAjYws4MMY7tkf648Y2QNf+JBuheageCAZkkOJ4leQ dy9Z/Q9hiw06YqA15ry56QU1e/1v7xM2qbMLg7BLdWt0Wuq3CNFRiQ/kP42qKfi1QVTM GkP2RkVhtr0SrrEZcSO4SKNRQa3AMM7rERPM25s5brcqkPAyq1tqJkvhIhTX1i49G6jk 0iL9wNbgmduzVA57sIPDNLLTlxfnmpjTO1aBuhtKHOIVDBSZSemguORxdejLukWv6Fo3 mizw== X-Gm-Message-State: APjAAAVt0xt1t9VCHszr95n2phWrPJtw/GaxG2gio5/T/MoLlu9XwHip 5GfqampUW83/QGqhhos3WJZiCQ== X-Received: by 2002:a65:60cd:: with SMTP id r13mr7213542pgv.58.1557596938251; Sat, 11 May 2019 10:48:58 -0700 (PDT) Received: from [25.171.29.203] ([172.56.30.186]) by smtp.gmail.com with ESMTPSA id f5sm4212739pfn.161.2019.05.11.10.48.56 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 11 May 2019 10:48:57 -0700 (PDT) Date: Sat, 11 May 2019 19:48:47 +0200 User-Agent: K-9 Mail for Android In-Reply-To: References: <20190506165439.9155-1-cyphar@cyphar.com> <20190506165439.9155-6-cyphar@cyphar.com> <20190506191735.nmzf7kwfh7b6e2tf@yavin> <20190510204141.GB253532@google.com> <20190510225527.GA59914@google.com> <20190511173113.qhqmv5q5f74povix@yavin> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Subject: Re: [PATCH v6 5/6] binfmt_*: scope path resolution of interpreters To: Linus Torvalds , Aleksa Sarai CC: Andy Lutomirski , Jann Horn , Andy Lutomirski , Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Eric Biederman , Andrew Morton , Alexei Starovoitov , Kees Cook , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Aleksa Sarai , Linux Containers , linux-fsdevel , Linux API , kernel list , linux-arch From: Christian Brauner Message-ID: <3DFB2DAE-C66F-427D-BF0A-EB31DC590B4D@brauner.io> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On May 11, 2019 7:43:44 PM GMT+02:00, Linus Torvalds wrote: >On Sat, May 11, 2019 at 1:31 PM Aleksa Sarai wrote: >> >> Yup, I've dropped the patch for the next version=2E (To be honest, I'm >not >> sure why I included any of the other flags -- the only one that >would've >> been necessary to deal with CVE-2019-5736 was AT_NO_MAGICLINKS=2E) > >I do wonder if we could try to just set AT_NO_MAGICLINKS >unconditionally for execve() (and certainly for the suid case)=2E > >I'd rather try to do these things across the board, than have "suid >binaries are treated specially" if at all possible=2E > >The main use case for having /proc//exe thing is for finding open >file descriptors, and for 'ps' kind of use, or to find the startup >directory when people don't populate the execve() environment fully >(ie "readlink(/proc/self/exe)" is afaik pretty common=2E > >Sadly, googling for > > execve /proc/self/exe > >does actually find hits, including one that implies that chrome does >exactly that=2E So it might not be possible=2E > >Somewhat odd, but it does just confirm the whole "users will at some >point do everything in their power to use every odd special case, >intended or not"=2E > > Linus Sadly I have to admit that we are using this=2E Also, execveat on glibc is implemented via /proc/self/fd/ on kernels that do not have a proper execveat=2E See fexecve=2E=2E=2E Christian