Received: by 2002:a25:6193:0:0:0:0:0 with SMTP id v141csp1002487ybb; Wed, 8 Apr 2020 14:21:29 -0700 (PDT) X-Google-Smtp-Source: APiQypLwjLb2bsCRPhkInap+zDf8EgJCSJT++dZ9D3lKQ5IKOkm1CTSuAHJt+m51gCl+VgIuS+7L X-Received: by 2002:a05:6830:1ae9:: with SMTP id c9mr1459962otd.298.1586380889134; Wed, 08 Apr 2020 14:21:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1586380889; cv=none; d=google.com; s=arc-20160816; b=fmJDsb167HirhAQ5Bxafjlw9c10zFiCSwxwCl4B5t5T142FtcUzlSOfUEdVibP7Pkb xjJZvrO56QCxopGaV9oz6m9NbM4wInAfEM1UzPGmPnQRq/LtNuKl4QKp+OCxQRhhpZWd Po4o7QAF+q5TRAiheIFR2R7cifgGaZfqDCWU2xKVNKzAPkoUcW6rfkECzxd7j5DWIIui B43qT23h+5zZzpAL490wULt67Y/4W/vazkqVlSoVXWD5hgvjttwhK1UK3QOI9TUFLsMt 9ThlXc9xDdPx9Y9NdcfOm3UgGCdf9kg7K6ET0ASwg+LQQ8TQ+AGF9OvOyREyHA7clCVi NVMQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=lmW1kBANhNCKQomzjz6tBYP3TN8jkHzWDA2kJzdFS8U=; b=t0LXEUAorX1i0M3bRM5CW+KX1g9h+ggoSAEIUAIjsJUTZKWIw11DOxD1obAE6Q0xAH efb731lSUcmf73Nlk48nakrfzcyMgBJZh0XXdxb1IbcTXjtJGwM2H5EnmlxjJiSlAkV/ ICsjKnMDRtyT0Fv8Qj9kzjNkcVaUcFem9b10vZyKrVsJIUEHwAVYyb0m+5+Hhy9R+NnG dsUAN4RVWpOfLWiX8EpUcnKYGh6drurYb9654zwlXtrTg7Qi7OBfLtNgHJ5ZYjK6+uWo VLTN97bpdCqpjS1Q9AQVyQiZ9Ka2t57hsxTGav3vS+owObJcIZMEetCMDuTxjf5FWa2l 8ZGg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Ao5NFBjh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id x13si2920963oto.105.2020.04.08.14.21.15; Wed, 08 Apr 2020 14:21:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@linux-foundation.org header.s=google header.b=Ao5NFBjh; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728533AbgDHRZi (ORCPT + 99 others); Wed, 8 Apr 2020 13:25:38 -0400 Received: from mail-lj1-f195.google.com ([209.85.208.195]:43490 "EHLO mail-lj1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727192AbgDHRZi (ORCPT ); Wed, 8 Apr 2020 13:25:38 -0400 Received: by mail-lj1-f195.google.com with SMTP id g27so8462809ljn.10 for ; Wed, 08 Apr 2020 10:25:36 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linux-foundation.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lmW1kBANhNCKQomzjz6tBYP3TN8jkHzWDA2kJzdFS8U=; b=Ao5NFBjhbqRZ9wC2Ceqr+vcVRiRnoLz0Xh6wH0b44DvlMJCpcB9KHsqyceCapwB2EA iw/sBOeR2lWHoHARimi5ampBkxXBPU2gVattO6FBrHOZqgaJjk/7BOqGY33Phq64Tjxb IU0j7Ie975ItxQRjkfNwnJF+n4SiU7+8gUZmM= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lmW1kBANhNCKQomzjz6tBYP3TN8jkHzWDA2kJzdFS8U=; b=N2kXJEeMaw0th1GrF0r7+/BMeyUnPGkDNy70IcdsGr7vAv1td01d856+ZEEFgmNWn8 NwzS6KcOY4TCx7l5cvxljlHYYqe1AUEyyWkpBo6BEkiRdv1JiDMealc3YGrJxaMxFKN0 h5wfrDH/1NtafIXebprjqKzyeI0E2G9s6n+hT7rEzd9IMUSa8WjOkMsNSW3ahzqv6vCZ NtEUtos6DVfNB7D95tCP5jy/ZJUYbrjMCCNJr5P/+vyyP7KImnd4R8BQVFbEGhf/Nihs 1Mf0H9tub/HLq+daw182vN57449CuY041eKMS0q3+RsrTxicm1JFca4DHgHHryxGK2fW MKEw== X-Gm-Message-State: AGi0PuZeNHSiexleTkkJePz+QV8aqON5rAPtkn6w5SJROl5VgZM6LLxL m+WHENVDx7NSl1YRlUCKxzkGo/rtY3U= X-Received: by 2002:a2e:9a87:: with SMTP id p7mr1931941lji.61.1586366735393; Wed, 08 Apr 2020 10:25:35 -0700 (PDT) Received: from mail-lj1-f172.google.com (mail-lj1-f172.google.com. [209.85.208.172]) by smtp.gmail.com with ESMTPSA id r21sm14706128ljp.29.2020.04.08.10.25.33 for (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 08 Apr 2020 10:25:34 -0700 (PDT) Received: by mail-lj1-f172.google.com with SMTP id g27so8462648ljn.10 for ; Wed, 08 Apr 2020 10:25:33 -0700 (PDT) X-Received: by 2002:a2e:8652:: with SMTP id i18mr5932115ljj.265.1586366733516; Wed, 08 Apr 2020 10:25:33 -0700 (PDT) MIME-Version: 1.0 References: <87blobnq02.fsf@x220.int.ebiederm.org> <87lfnda3w3.fsf@x220.int.ebiederm.org> <87wo6s3wxd.fsf_-_@x220.int.ebiederm.org> <87o8s43wuq.fsf_-_@x220.int.ebiederm.org> In-Reply-To: <87o8s43wuq.fsf_-_@x220.int.ebiederm.org> From: Linus Torvalds Date: Wed, 8 Apr 2020 10:25:17 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf To: "Eric W. Biederman" Cc: Bernd Edlinger , Linux Kernel Mailing List , Alexey Gladkov , Oleg Nesterov , Kees Cook , Jann Horn , Christian Brauner Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Apr 6, 2020 at 6:34 PM Eric W. Biederman wrote: > > In 2016 Linus moved install_exec_creds immediately after > setup_new_exec, in binfmt_elf as a cleanup and as part of closing a > potential information leak. > > Perform the same cleanup for the other binary formats Can we not move it _into_ setup_new_exec() now if you've changed all the binfmt handlers? The fewer cases of "this gets called by the low-level handler at different points" that we have, the better off we'd be, I think. One of the complexities of our execve() code is that some of it gets called directly, and some of it gets called by the binfmt handler, and it's often very hard to see the logic when it jumps out to the binfmt code and then back to the generic fs/exec.c code.. Linus