Date: Tue, 12 May 2020 16:51:29 -0700
From: Kees Cook
To: "Eric W. Biederman"
Cc: Linus Torvalds, Tetsuo Handa, Linux Kernel Mailing List, Oleg Nesterov, Jann Horn, Greg Ungerer, Rob Landley, Bernd Edlinger, linux-fsdevel, Al Viro, Alexey Dobriyan, Andrew Morton, Casey Schaufler, LSM List, James Morris, "Serge E. Hallyn", Andy Lutomirski
Subject: Re: [PATCH 3/5] exec: Remove recursion from search_binary_handler
Message-ID: <202005121649.4ED677068@keescook>
In-Reply-To: <202005121625.20B35A3@keescook>

On Tue, May 12, 2020 at 04:47:14PM -0700, Kees Cook wrote:
> And now I wonder if qemu actually uses the resulting AT_EXECFD ...

It does, though I'm not sure if this is to support crossing mount points,
dropping privileges, or something else, since it does fall back to just
trying to open the file.

    execfd = qemu_getauxval(AT_EXECFD);
    if (execfd == 0) {
        execfd = open(filename, O_RDONLY);
        if (execfd < 0) {
            printf("Error while loading %s: %s\n", filename, strerror(errno));
            _exit(EXIT_FAILURE);
        }
    }

--
Kees Cook
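
An added example, not part of the message above and not QEMU code: one way an interpreter could consume AT_EXECFD while telling "entry absent" apart from "descriptor 0", and checking what it was handed before loading from it. The function names and the regular-file policy are assumptions of this sketch.

```c
#include <elf.h>       /* AT_EXECFD */
#include <errno.h>
#include <fcntl.h>
#include <sys/auxv.h>  /* getauxval() */
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper (not a QEMU function): choose the fd to load from,
 * given the raw result of the AT_EXECFD lookup. Split out from the lookup
 * so it can be exercised without being launched through binfmt_misc. */
int pick_exec_fd(unsigned long auxval, int aux_errno,
                 const char *filename, int *from_auxv)
{
    struct stat st;
    int fd;

    if (auxval == 0 && aux_errno == ENOENT) {
        /* Entry absent: same fallback as the snippet quoted above. */
        *from_auxv = 0;
        fd = open(filename, O_RDONLY);
        if (fd < 0)
            return -1;
    } else {
        /* Entry present. A value of 0 here really means descriptor 0. */
        *from_auxv = 1;
        fd = (int)auxval;
    }
    /* Example policy: only load from a regular file, and never fall back
     * to the path when the kernel did hand over a descriptor. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        if (!*from_auxv)
            close(fd);
        return -1;
    }
    return fd;
}

/* Assumes a libc whose getauxval() sets errno to ENOENT for a missing
 * entry (glibc 2.19 and later behave this way). */
int resolve_exec_fd(const char *filename, int *from_auxv)
{
    unsigned long v;

    errno = 0;
    v = getauxval(AT_EXECFD);
    return pick_exec_fd(v, errno, filename, from_auxv);
}
```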