Received: by 2002:a25:868d:0:0:0:0:0 with SMTP id z13csp3068044ybk; Mon, 18 May 2020 17:02:53 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyS5DiwTyLP18Xe+WOz+c/VUSfmdslxKcF4UYAyz6SvoalSxolq5LV5T+EcqAEbcuY/w3Gi X-Received: by 2002:a05:6402:c2:: with SMTP id i2mr16277552edu.224.1589846573008; Mon, 18 May 2020 17:02:53 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1589846573; cv=none; d=google.com; s=arc-20160816; b=nR18C8DEwWrS5VOFQ+2e4sgzR0iZlepY7/i9mFHOY38xzOeEaedAUTCNTr5RNIBu24 9y5/AdXhvxye7FO8KFsW36c/JGwROHEJ+EaqaALmrERjLW47m8aJ//apv3iaw/FWlfqj F2aKDbcnC/o5stLmqxupFEGhO7tBxhE/pq5o2uYg8lnpoWTi4oagmJcuzzz8OWJmvt22 B3ANre98p4aIWmkB6c98KAbEsa21AB3R5TsaTQpWfk3UbLApHjT4YNjseFBMIifW5neb i48SdZNxNwjOPJk+C9N6GSEu/KWwyyfdo6/t4yfUfUuQ7tUs251C+U21jCnypZR0HjSy O6mg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:subject:mime-version:user-agent :message-id:in-reply-to:date:references:cc:to:from; bh=eaN9mv43xfvnRvVmWfhElH4m+TKWtdePW3HT65bO9rc=; b=HYK3OLTzc+fjqqIqO7sztqt/jiMaYEcCxImufmCPyn/FWDn7K2b11J7QgFNhm5lTmR 57O+D8F82/Woo1I8EXdNP4GOX1zs6UU9f5ItUIcryPk/y+Xu+zywEmAgN606ODUVyqhT RKmnlCCfJGiBWcih2BjrxlJYf7TdMpA+x66LNrNQIs7q4jAFeK/hWsjsD/Ln8epyazjy YY4gYO0Dh52wWT0rdBzPDp4L+ZLdoCSSKbAOmApsEv9ABZHTgeLo7cjfMdxuwBZ7dVn9 2UuiCRE578a+JXhm9GzrHjEfkrrOYJZZ2DAYWq7E8NlnX6+S4kW4TmMmlIP3y5030tKl +zBA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id gy12si7489242ejb.161.2020.05.18.17.02.29; Mon, 18 May 2020 17:02:52 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=xmission.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726583AbgESABE (ORCPT + 99 others); Mon, 18 May 2020 20:01:04 -0400 Received: from out02.mta.xmission.com ([166.70.13.232]:53872 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726053AbgESABE (ORCPT ); Mon, 18 May 2020 20:01:04 -0400 Received: from in02.mta.xmission.com ([166.70.13.52]) by out02.mta.xmission.com with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1japgp-0000OE-IQ; Mon, 18 May 2020 18:00:59 -0600 Received: from ip68-227-160-95.om.om.cox.net ([68.227.160.95] helo=x220.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.87) (envelope-from ) id 1japgk-0000i6-TC; Mon, 18 May 2020 18:00:59 -0600 From: ebiederm@xmission.com (Eric W. Biederman) To: Christian Brauner Cc: Jann Horn , Kees Cook , Al Viro , Andrew Morton , Tetsuo Handa , Eric Biggers , Dmitry Vyukov , linux-fsdevel , linux-security-module , Linux API , kernel list References: <20200518055457.12302-1-keescook@chromium.org> <20200518055457.12302-2-keescook@chromium.org> <20200518130251.zih2s32q2rxhxg6f@wittgenstein> <20200518144627.sv5nesysvtgxwkp7@wittgenstein> Date: Mon, 18 May 2020 18:57:15 -0500 In-Reply-To: <20200518144627.sv5nesysvtgxwkp7@wittgenstein> (Christian Brauner's message of "Mon, 18 May 2020 16:46:27 +0200") Message-ID: <87blmk3ig4.fsf@x220.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1japgk-0000i6-TC;;;mid=<87blmk3ig4.fsf@x220.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.227.160.95;;;frm=ebiederm@xmission.com;;;spf=neutral X-XM-AID: U2FsdGVkX19DeuOkpDOKLgt2uTPMIXubiPZdr97oZ0k= X-SA-Exim-Connect-IP: 68.227.160.95 X-SA-Exim-Mail-From: ebiederm@xmission.com X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on sa05.xmission.com X-Spam-Level: *** X-Spam-Status: No, score=3.5 required=8.0 tests=ALL_TRUSTED,BAYES_50, DCC_CHECK_NEGATIVE,TR_Symld_Words,T_TM2_M_HEADER_IN_MSG, T_TooManySym_01,T_TooManySym_02,T_TooManySym_03,XMNoVowels,XMSubLong autolearn=disabled version=3.4.2 X-Spam-Report: * -1.0 ALL_TRUSTED Passed through trusted hosts only via SMTP * 0.8 BAYES_50 BODY: Bayes spam probability is 40 to 60% * [score: 0.4933] * 1.5 XMNoVowels Alpha-numberic number with no vowels * 1.5 TR_Symld_Words too many words that have symbols inside * 0.7 XMSubLong Long Subject * 0.0 T_TM2_M_HEADER_IN_MSG BODY: No description available. * -0.0 DCC_CHECK_NEGATIVE Not listed in DCC * [sa05 0; Body=1 Fuz1=1 Fuz2=1] * 0.0 T_TooManySym_01 4+ unique symbols in subject * 0.0 T_TooManySym_02 5+ unique symbols in subject * 0.0 T_TooManySym_03 6+ unique symbols in subject X-Spam-DCC: ; sa05 0; Body=1 Fuz1=1 Fuz2=1 X-Spam-Combo: ***;Christian Brauner X-Spam-Relay-Country: X-Spam-Timing: total 4282 ms - load_scoreonly_sql: 0.04 (0.0%), signal_user_changed: 12 (0.3%), b_tie_ro: 10 (0.2%), parse: 1.12 (0.0%), extract_message_metadata: 14 (0.3%), get_uri_detail_list: 1.87 (0.0%), tests_pri_-1000: 6 (0.1%), tests_pri_-950: 1.39 (0.0%), tests_pri_-900: 1.12 (0.0%), tests_pri_-90: 91 (2.1%), check_bayes: 89 (2.1%), b_tokenize: 8 (0.2%), b_tok_get_all: 8 (0.2%), b_comp_prob: 2.7 (0.1%), b_tok_touch_all: 66 (1.5%), b_finish: 1.02 (0.0%), tests_pri_0: 437 (10.2%), check_dkim_signature: 0.61 (0.0%), check_dkim_adsp: 2.5 (0.1%), poll_dns_idle: 3678 (85.9%), tests_pri_10: 2.8 (0.1%), tests_pri_500: 3712 (86.7%), rewrite_mail: 0.00 (0.0%) Subject: Re: [PATCH 1/4] exec: Change uselib(2) IS_SREG() failure to EACCES X-Spam-Flag: No X-SA-Exim-Version: 4.2.1 (built Thu, 05 May 2016 13:38:54 -0600) X-SA-Exim-Scanned: Yes (on in02.mta.xmission.com) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Christian Brauner writes: > On Mon, May 18, 2020 at 04:43:20PM +0200, Jann Horn wrote: >> On Mon, May 18, 2020 at 3:03 PM Christian Brauner >> wrote: >> > Also - gulp (puts on flame proof suit) - may I suggest we check if there >> > are any distros out there that still set CONFIG_USELIB=y >> >> Debian seems to have it enabled on x86... >> >> https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/config/kernelarch-x86/config#L1896 >> >> A random Ubuntu 19.10 VM I have here has it enabled, too. > > I wonder if there's any program - apart from _ancient_ glibc out there > that actually use it... > I looked at uselib in codsearch but the results were quite unspecific > but I didn't look too close. So the thing to do is to have a polite word with people who build Ubuntu and Debian kernels and get them to disable the kernel .config. A quick look suggets it is already disabled in RHEL8. It cannot be disabled in RHEL7. Then in a few years we can come back and discuss removing the uselib system call, base on no distributions having it enabled. If it was only libc4 and libc5 that used the uselib system call then it can probably be removed after enough time. We can probably reorganize the code before the point it is clearly safe to drop support for USELIB to keep it off to the side so USELIB does not have any ongoing mainteance costs. For this patchset I think we need to assume uselib will need to be maintained for a bit longer. Eric