Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3447327yba; Sat, 11 May 2019 10:51:23 -0700 (PDT) X-Google-Smtp-Source: APXvYqx2IeTvtcxHytlbZ9jpur3TdxeXmZ+znY47oN0jQqAORcHeGje9pE/DvHPk7hPkOO62K6Pc X-Received: by 2002:a65:610b:: with SMTP id z11mr2008542pgu.204.1557597083658; Sat, 11 May 2019 10:51:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1557597083; cv=none; d=google.com; s=arc-20160816; b=Wswi1QOQfFE6NBd8zMR5ubS3TMP3xY0BsRqaSr7Bts+XNnHk92UpMd8y7t+dCLfjhI u9hauw26UErBrzzyTT3c/RI4BJo989ZvqSX9pYPgZuQq6q69wqdXcMrX6GTsGN5Ss3H9 6CHEufLtiitlazSPSPj5DDzCCNx4VIy9GKDXlhkXHERvw8WtiYgsBtgrdjiATcTzimSA GNBbLZq8h1QUiNb+/9IMOmoKzl0fYYAZDeiN/TFrI+2P4jm1jpEYBmDHvmkTnEBpbklI xOBU3GmSBPyZqdtd2K3YFGXNdF8kXk69YPRZpXD93UmYR1DR/nDQeeqH/Z8K2DBgcuhE EMYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=oaeXZZDv7nk/NFiZCevhSY5ipAOiI6kKAyNxXRM162A=; b=t952WYYJEwnjGTSTm9iT+LyvzvhGC4l8ZCfqS4/SvC7Hbv41NJtO+OW3TdA3kc81Lq 6DenNWrzSDAye2vyGa/bQXuzO5wgdw2cJIpjktx5XRdBazcFPgnbfbPyfBc81PNFqOSo /C/Da40kQlvYNuflM0wNNVNXPAxNO3pY5JA3j4St2rAu24Y31WQWfXqLjXNyZbouMbzK uzoty1sMfHR5FJVFLMVtgDfqTXVA3uHDpDFm8UgYeigjQHzBa3CoUs2qow2fVUtf4vny xr4IwkaLrmaCkIwoAXskzL/PegQ7Bpz8YkaEfU/cVYXT1zK4JC/YtTY8NPSZR+fPRlRt k9LA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=gYUKeQFk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x9si11975079pgx.421.2019.05.11.10.51.07; Sat, 11 May 2019 10:51:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=gYUKeQFk; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726283AbfEKRuF (ORCPT + 99 others); Sat, 11 May 2019 13:50:05 -0400 Received: from mail-lj1-f194.google.com ([209.85.208.194]:44097 "EHLO mail-lj1-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725903AbfEKRuE (ORCPT ); Sat, 11 May 2019 13:50:04 -0400 Received: by mail-lj1-f194.google.com with SMTP id e13so7624824ljl.11 for ; Sat, 11 May 2019 10:50:03 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=oaeXZZDv7nk/NFiZCevhSY5ipAOiI6kKAyNxXRM162A=; b=gYUKeQFkZfPF+SBFGZsaxSPX55GAIAS/b1OL8l3HnOId4D1oRMFa3K7gUFrPcwRrwy APK5QWg5R2UiE0UN3c1Dva/PzQWGeJlJ5tHgbq3gjrlKhO0guDRYzfDmlm0/LX/2qE9B K7S0QKKNg6ex1rQUDLj3zMpwysbA0a21x1Q6o= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=oaeXZZDv7nk/NFiZCevhSY5ipAOiI6kKAyNxXRM162A=; b=q4tRXziFJRfdpqsxEUhtPSpFpPPymgw/y0/bpJu0cqo8fyEklR48dJNzWfUe1GFNrg hDFFYSc6hWlNK1w9nKeSPg97a9m+BMkwMv0RU0bUHLtc7fbMikaefd94POn8J644DxzX TshVdjV4VrAOEhkDNpubLrczeszwpImkC9gVm5TjGFNGowg+RZ9EKw9el86/nxGfcTRO dEQVX/9X9b1UL8AaGQ94CzvbIhi4sjdqvuscccIgmhoow2Jr0iGheXeR76A1m6LdbxFL QJmJAbZ+Qb/TEsJMQpy+Q0mhlTDTkrsTnxiE0XQjM8CkVLF/3FHDmeJJ+f2ydh5li9Lf I+ng== X-Gm-Message-State: APjAAAW5uuDi7zjnB4CfYvytIxKYAS93whkOWXZ6gucfsfro8VfWfuHq z7ORZLWcD2HEP34Tu2Kxs9XQzSLBz/I= X-Received: by 2002:a2e:5b43:: with SMTP id p64mr9067741ljb.126.1557597002559; Sat, 11 May 2019 10:50:02 -0700 (PDT) Received: from mail-lj1-f173.google.com (mail-lj1-f173.google.com. [209.85.208.173]) by smtp.gmail.com with ESMTPSA id d6sm2264910lfm.20.2019.05.11.10.50.02 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 11 May 2019 10:50:02 -0700 (PDT) Received: by mail-lj1-f173.google.com with SMTP id 188so7636601ljf.9 for ; Sat, 11 May 2019 10:50:02 -0700 (PDT) X-Received: by 2002:a2e:9ac8:: with SMTP id p8mr8365865ljj.79.1557596640790; Sat, 11 May 2019 10:44:00 -0700 (PDT) MIME-Version: 1.0 References: <20190506165439.9155-1-cyphar@cyphar.com> <20190506165439.9155-6-cyphar@cyphar.com> <20190506191735.nmzf7kwfh7b6e2tf@yavin> <20190510204141.GB253532@google.com> <20190510225527.GA59914@google.com> <20190511173113.qhqmv5q5f74povix@yavin> In-Reply-To: <20190511173113.qhqmv5q5f74povix@yavin> From: Linus Torvalds Date: Sat, 11 May 2019 13:43:44 -0400 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v6 5/6] binfmt_*: scope path resolution of interpreters To: Aleksa Sarai Cc: Andy Lutomirski , Jann Horn , Andy Lutomirski , Al Viro , Jeff Layton , "J. Bruce Fields" , Arnd Bergmann , David Howells , Eric Biederman , Andrew Morton , Alexei Starovoitov , Kees Cook , Christian Brauner , Tycho Andersen , David Drysdale , Chanho Min , Oleg Nesterov , Aleksa Sarai , Linux Containers , linux-fsdevel , Linux API , kernel list , linux-arch Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Sat, May 11, 2019 at 1:31 PM Aleksa Sarai wrote: > > Yup, I've dropped the patch for the next version. (To be honest, I'm not > sure why I included any of the other flags -- the only one that would've > been necessary to deal with CVE-2019-5736 was AT_NO_MAGICLINKS.) I do wonder if we could try to just set AT_NO_MAGICLINKS unconditionally for execve() (and certainly for the suid case). I'd rather try to do these things across the board, than have "suid binaries are treated specially" if at all possible. The main use case for having /proc//exe thing is for finding open file descriptors, and for 'ps' kind of use, or to find the startup directory when people don't populate the execve() environment fully (ie "readlink(/proc/self/exe)" is afaik pretty common. Sadly, googling for execve /proc/self/exe does actually find hits, including one that implies that chrome does exactly that. So it might not be possible. Somewhat odd, but it does just confirm the whole "users will at some point do everything in their power to use every odd special case, intended or not". Linus