Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp2780017ybk; Mon, 18 May 2020 07:46:23 -0700 (PDT) X-Google-Smtp-Source: ABdhPJzGRulIyZ01mH2XR+W0U4BSLasfg8P3bYj/bSuCS56poiZOvZUZmo7sUImXZjqXsLBUrujl X-Received: by 2002:a17:906:860a:: with SMTP id o10mr15915236ejx.250.1589813182917; Mon, 18 May 2020 07:46:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589813182; cv=none; d=google.com; s=arc-20160816; b=HiLQ887bsALdJ31JbUxre8YtBj04yIeDSMKuGmBpYMYsUxPwaQsrDKBrGdOYLzcbRF 9lUeFtnJR5AuqmvzvkyvO2zRYePB0gKnpHVAN/pC1SQCF1dwc4DQk/GOK4c/ZpnU4NjC rMzKrtipDxVHOxz4mdRNACTrF0cVolODEpufDtNbmQ7P+2AWnzlwEW9iUvg6fDu0tHqR Xk39oIV2cZtXIRgZE6TpUBNM/GmO+a9Z88VL3ezno07gfZYjqBz95mWgRlHnTvRMQ0tv n+abd8ACpBHGzMi3nKeYLK/F9pvpr22tZ4FUctBpz9SNJA3xLF5y6vq+a4m1h0H9e8hW Q+Xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=vmKMl5YPAbtYvThGAufK7+pRDXytMF6DEwy6+OdOT6c=; b=EKaBCVVXRzw2dbdFseCZ+qtwjSialXly/GphvpvXLUYC+EojjosbGVrPjxqMkbKZuo +lKKN5kf7Gxr2Fn2HC/jtvMstBhGO+y7D4QKJkkiRBJxY254XbbdJkRFEQnI+lN0TTkd dNOlV8PQdkUuckYL8dw+XH0ZUzHsYGYCh8Tb/mT9rcAwtmKcijFe9WByCD00Ms/DWEGV k3g+LxVDpVnSl6RrT7/2byDzgzhrKDNr/K1FLxIooGWpwd1GQM381Ir0+eFAXlykU9o/ rIQoJ2FKqK03r4fptAaWvJ8PoDtu8iferZ7NruXGhtTszcit8UMvDh9GLe0dT6fK0LAV q+2A== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=NnbKbGQl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id u14si5995839edd.346.2020.05.18.07.45.59; Mon, 18 May 2020 07:46:22 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@google.com header.s=20161025 header.b=NnbKbGQl; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=google.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727020AbgEROnt (ORCPT + 99 others); Mon, 18 May 2020 10:43:49 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:59882 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726997AbgEROns (ORCPT ); Mon, 18 May 2020 10:43:48 -0400 Received: from mail-lj1-x241.google.com (mail-lj1-x241.google.com [IPv6:2a00:1450:4864:20::241]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 5DE92C05BD09 for ; Mon, 18 May 2020 07:43:48 -0700 (PDT) Received: by mail-lj1-x241.google.com with SMTP id w10so10156589ljo.0 for ; Mon, 18 May 2020 07:43:48 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=vmKMl5YPAbtYvThGAufK7+pRDXytMF6DEwy6+OdOT6c=; b=NnbKbGQluk5lNt1OMh91AzLf43ctbuCx11Qrf3/SH8c37zea2KCW1nBzzZxOP6eBMJ mNikiWnBzqw1Qh5gemWUCvWkJrCIW8yDSnkDx8R6ZYBzKq+OLJjZPeFz2G9mgUvlkVTM dm8UA+SmF8OQXRg6DdCXiTcqKrEVyEYP7SLPKT2yHm+RCB4cGu3cFPb2AjVfi0QY5rUq qAGDKXTutca8F5XEP0TqE545HEJbER9IgNbvIFzIa9jPi0OuqeYk/x+vJdTSoeTUygoI 8E5aJEpfXrwXeNyCuMqf4Iw1FJkWkKCQGV1kAlYV1sACiLyt3C6WFh/ySD2nZG5gBeFu wwUg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=vmKMl5YPAbtYvThGAufK7+pRDXytMF6DEwy6+OdOT6c=; b=g163u/S98qYSXe3I9+YL6e3zcTIIgNSd22ia6Qw6AqrSqgHB3nfVtwPEKwWsfES6Sm 1/ZYtfxiuBtDc4txQ8mHhfVcb9JxuyghTmBfIWJ0iULSNcdjRDdT8tdnYrFwVOAm9ic5 sL4GKN4CnzrR+GDg0B2znPKFpmXVs0eu6epLKOIsWWRdeiGRNWFFJenUS9pVTO4QNACL +JOeuCVZonwFjmfoxAzdWo+cd5Y5ShRzkBNWd/NnuLymXAudQ/lwN1P7hN5tT+9TgjY7 FR2qiHob4tRG33kGwZ60jp77STLUMUOHYDEeaeP8DZR1wj6UsruLm5r1scNWHfKPRraF 1ZKQ== X-Gm-Message-State: AOAM533qlH+HcWzWC9ufUeu6nkGD2cLcoiX6BuZ3qXj9ILywc3P3lSa7 4NHrc+kHcA75Ss/OL0hwiLwGqePRyM3XcxIa6DEQIA== X-Received: by 2002:a2e:8e8c:: with SMTP id z12mr2985329ljk.221.1589813026603; Mon, 18 May 2020 07:43:46 -0700 (PDT) MIME-Version: 1.0 References: <20200518055457.12302-1-keescook@chromium.org> <20200518055457.12302-2-keescook@chromium.org> <20200518130251.zih2s32q2rxhxg6f@wittgenstein> In-Reply-To: <20200518130251.zih2s32q2rxhxg6f@wittgenstein> From: Jann Horn Date: Mon, 18 May 2020 16:43:20 +0200 Message-ID: Subject: Re: [PATCH 1/4] exec: Change uselib(2) IS_SREG() failure to EACCES To: Christian Brauner Cc: Kees Cook , Al Viro , Andrew Morton , Tetsuo Handa , Eric Biggers , Dmitry Vyukov , linux-fsdevel , linux-security-module , Linux API , kernel list Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, May 18, 2020 at 3:03 PM Christian Brauner wrote: > Also - gulp (puts on flame proof suit) - may I suggest we check if there > are any distros out there that still set CONFIG_USELIB=y Debian seems to have it enabled on x86... https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/config/kernelarch-x86/config#L1896 A random Ubuntu 19.10 VM I have here has it enabled, too.