Date: Tue, 7 Apr 2020 18:11:05 +0200
From: Christian Brauner
To: "Eric W. Biederman"
Cc: Linus Torvalds, Bernd Edlinger, Linux Kernel Mailing List, Alexey Gladkov, Oleg Nesterov, Kees Cook, Jann Horn
Subject: Re: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf
Message-ID: <20200407161105.qwyxcwgakxpjuclr@wittgenstein>

On Mon, Apr 06, 2020 at 08:31:25PM -0500, Eric W. Biederman wrote:
>
> In 2016 Linus moved install_exec_creds immediately after
> setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
> potential information leak.
>
> Perform the same cleanup for the other binary formats.
>
> Different binary formats doing the same things the same way makes exec
> easier to reason about and easier to maintain.
>
> Putting install_exec_creds immediately after setup_new_exec makes many
> simplifications possible in the code.
>
> Ref: 9f834ec18def ("binfmt_elf: switch to new creds when switching to new mm")
> Signed-off-by: "Eric W. Biederman"

Sure, why not.
Acked-by: Christian Brauner