Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp3893740ybb; Mon, 6 Apr 2020 18:35:23 -0700 (PDT) X-Google-Smtp-Source: APiQypI6zi3jcOVETtuaN7hdblfHSl8gElM1WoNr8DSoua0BWAAQxccVF3uTBdHB1OM/scTQplvF X-Received: by 2002:aca:c390:: with SMTP id t138mr1741768oif.117.1586223323614; Mon, 06 Apr 2020 18:35:23 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586223323; cv=none; d=google.com; s=arc-20160816; b=wiE6S6HJueGciwY/kckx+qniMPl+r0c/rX5fl60LeUR9/FaOzB1/Ln384hggf8gnjg O2NKTwOIP8owJ34Fi8JNKifkDSvMvv3qc567DHlf2c+/jXMi0x8mwS48GPPwgk55zPc0 7MDKJ3v6dPuSzkFOJzRErYdKCSfzFZvyf7+9vAkuoHJzdF8BweSKQQOASeqbrybYqLAc 5UltQ9OCWqZF/gzupfrZSbBA2BetSgv78jjNxuZ/uK2DvPUC6nCSSFLBfMtfhVFUCD/c iblkmWPQ1BwtqZUo1cYvbpuzjK1PHKcPJzYUs5wZ805srnCGJxTMPn7mcxicGZEYGIE5 ALPQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from; bh=hPsj+jdyMKxhOBBnupyOuTTBdvDV2qETqhaI6RLkv5E=; b=z4KZCoHGKdcjZCWjgA+zDNtVpNYOIV06wKe8Z5tjiclZXi0o8+awosMcTe/wJ+K94M +R3lVqLlh9jaOI/BLVm4kSMxILlxSHiAJhoj2aOa/j7I0czvRFziLb2k9NxwWEf8qN5V mLbYCH9BJ73TezWwCGFu34LE6KE6s7WK17FhPBTT9Nc+ywJY4s297PV0U5nC7rGsNnDf sUYNc38fo4QGbeNc3FhoAvJNTbZUdBPBdN/8dhSfIw9Qv1OERIJOZt91PonIMKufFExI ROfPuTzlx5LpuIGsttmZWZpWRy12hqHBiCUxcv0WTNK+A11I2nuigfAlle8/HfrNR9oQ XSvg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id o85si567420ooo.19.2020.04.06.18.35.11; Mon, 06 Apr 2020 18:35:23 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726352AbgDGBeQ (ORCPT + 99 others); Mon, 6 Apr 2020 21:34:16 -0400 Received: from out01.mta.xmission.com ([166.70.13.231]:43702 "EHLO out01.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726230AbgDGBeP (ORCPT ); Mon, 6 Apr 2020 21:34:15 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out01.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1jLd82-0003J4-7V; Mon, 06 Apr 2020 19:34:14 -0600 Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1jLd81-0002Tn-B4; Mon, 06 Apr 2020 19:34:14 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Linus Torvalds Cc: Bernd Edlinger , Linux Kernel Mailing List , Alexey Gladkov , Oleg Nesterov , Kees Cook , Jann Horn , Christian Brauner References: <87blobnq02.fsf@x220.int.ebiederm.org> <87lfnda3w3.fsf@x220.int.ebiederm.org> <87wo6s3wxd.fsf_-_@x220.int.ebiederm.org> Date: Mon, 06 Apr 2020 20:31:25 -0500 In-Reply-To: <87wo6s3wxd.fsf_-_@x220.int.ebiederm.org> (Eric W. Biederman's message of "Mon, 06 Apr 2020 20:29:50 -0500") Message-ID: <87o8s43wuq.fsf_-_@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1jLd81-0002Tn-B4;;;mid=<87o8s43wuq.fsf_-_@x220.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19skiKFAzO68dt2CUixJOa4ehdieyfTS30= X-SA-Exim-Connect-IP: 68.227.160.95 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa06.xmission.com X-Spam-Level: ** X-Spam-Status: No, score=2.0 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,T_TM2_M_HEADER_IN_MSG,T_TooManySym_01,XMNoVowels, XMSubLong autolearn=disabled version=3.4.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.5000] * 1.5 XMNoVowels Alpha-numberic number with no vowels * 0.7 XMSubLong Long Subject * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa06 1397; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject X-Spam-DCC: XMission; sa06 1397; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: **;Linus Torvalds X-Spam-Relay-Country: X-Spam-Timing: total 436 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 10 (2.2%), b_tie_ro: 8 (1.9%), parse: 1.03 (0.2%), extract_message_metadata: 12 (2.7%), get_uri_detail_list: 1.91 (0.4%), tests_pri_-1000: 14 (3.1%), tests_pri_-950: 1.26 (0.3%), tests_pri_-900: 1.01 (0.2%), tests_pri_-90: 69 (15.9%), check_bayes: 68 (15.5%), b_tokenize: 9 (2.0%), b_tok_get_all: 8 (1.8%), b_comp_prob: 2.2 (0.5%), b_tok_touch_all: 45 (10.4%), b_finish: 0.90 (0.2%), tests_pri_0: 315 (72.1%), check_dkim_signature: 0.73 (0.2%), check_dkim_adsp: 2.7 (0.6%), poll_dns_idle: 0.71 (0.2%), tests_pri_10: 3.0 (0.7%), tests_pri_500: 8 (1.8%), rewrite_mail: 0.00 (0.0%) Subject: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In 2016 Linus moved install_exec_creds immediately after setup_new_exec, in binfmt_elf as a cleanup and as part of closing a potential information leak. Perform the same cleanup for the other binary formats. Different binary formats doing the same things the same way makes exec easier to reason about and easier to maintain. Putting install_exec_creds immediate after setup_new_exec makes many simplifications possible in the code. Ref: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm") Signed-off-by: "Eric W. Biederman" --- arch/x86/ia32/ia32_aout.c | 3 +-- fs/binfmt_aout.c | 2 +- fs/binfmt_elf_fdpic.c | 2 +- fs/binfmt_flat.c | 3 +-- 4 files changed, 4 insertions(+), 6 deletions(-) diff --git a/arch/x86/ia32/ia32_aout.c b/arch/x86/ia32/ia32_aout.c index 9bb71abd66bd..37b36a8ce5fa 100644 --- a/arch/x86/ia32/ia32_aout.c +++ b/arch/x86/ia32/ia32_aout.c @@ -140,6 +140,7 @@ static int load_aout_binary(struct linux_binprm *bprm) set_personality_ia32(false); setup_new_exec(bprm); + install_exec_creds(bprm); regs->cs = __USER32_CS; regs->r8 = regs->r9 = regs->r10 = regs->r11 = regs->r12 = @@ -156,8 +157,6 @@ static int load_aout_binary(struct linux_binprm *bprm) if (retval < 0) return retval; - install_exec_creds(bprm); - if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; diff --git a/fs/binfmt_aout.c b/fs/binfmt_aout.c index 8e8346a81723..ace587b66904 100644 --- a/fs/binfmt_aout.c +++ b/fs/binfmt_aout.c @@ -162,6 +162,7 @@ static int load_aout_binary(struct linux_binprm * bprm) set_personality(PER_LINUX); #endif setup_new_exec(bprm); + install_exec_creds(bprm); current->mm->end_code = ex.a_text + (current->mm->start_code = N_TXTADDR(ex)); @@ -174,7 +175,6 @@ static int load_aout_binary(struct linux_binprm * bprm) if (retval < 0) return retval; - install_exec_creds(bprm); if (N_MAGIC(ex) == OMAGIC) { unsigned long text_addr, map_size; diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c index 240f66663543..6c94c6d53d97 100644 --- a/fs/binfmt_elf_fdpic.c +++ b/fs/binfmt_elf_fdpic.c @@ -353,6 +353,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm) current->personality |= READ_IMPLIES_EXEC; setup_new_exec(bprm); + install_exec_creds(bprm); set_binfmt(&elf_fdpic_format); @@ -434,7 +435,6 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm) current->mm->start_stack = current->mm->start_brk + stack_size; #endif - install_exec_creds(bprm); if (create_elf_fdpic_tables(bprm, current->mm, &exec_params, &interp_params) < 0) goto error; diff --git a/fs/binfmt_flat.c b/fs/binfmt_flat.c index 831a2b25ba79..1a1d1fcb893f 100644 --- a/fs/binfmt_flat.c +++ b/fs/binfmt_flat.c @@ -541,6 +541,7 @@ static int load_flat_file(struct linux_binprm *bprm, /* OK, This is the point of no return */ set_personality(PER_LINUX_32BIT); setup_new_exec(bprm); + install_exec_creds(bprm); } /* @@ -963,8 +964,6 @@ static int load_flat_binary(struct linux_binprm *bprm) } } - install_exec_creds(bprm); - set_binfmt(&flat_format); #ifdef CONFIG_MMU -- 2.25.0