Received: by 2002:a05:6a10:413:0:0:0:0 with SMTP id 19csp2056148pxp; Thu, 10 Mar 2022 18:40:11 -0800 (PST) X-Google-Smtp-Source: ABdhPJwTVVS/UGkhDdO/7MIG/s31nm0rzufhGH6k8LcPjFb+l/2F1lo22usyWJZYm8kU/7X8hte5 X-Received: by 2002:a17:903:2308:b0:151:8ca0:cd8d with SMTP id d8-20020a170903230800b001518ca0cd8dmr8006396plh.119.1646966411246; Thu, 10 Mar 2022 18:40:11 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1646966411; cv=none; d=google.com; s=arc-20160816; b=kjwKS51LINIn0gPDAT8PMJB1tTlroqZSRp+4V3hv7z1aKhxslM9xKeX9Ha4sNUc+ZY Q17ZsC6NoWCa84RWM8oh6lSZWqh6MlVFn3WHnS10G2/JlCPNcDt0V0fEIagItNQYXXWw YP7cmQfhM4cB8ThnArvavrZoWh0HgBT47VC2PAmd6vnnzcA4AsQLDHD8hWT9ikC0lB// AgjlP4nnD2+P2iFOIl+y55/XDA6LnodaFVVnuH/2yT4/iTQhIRFWlFwj8msp+h6QGGkM 8M2KTyA9xD4invhCLRDKuj/tszDOh5AYveT8cjF3GgymWs0ERe1jMBZSEyvo2q/tuciQ dsWg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:in-reply-to:content-disposition:mime-version :references:message-id:subject:cc:to:from:date:dkim-signature; bh=lEOkrVgcJZdOpXrqIK9Xwy4NV75c7mrQ1k1DVuFpKnM=; b=XeMCgFwM2TjCgW/UNFgTdEclzdbXUDJxW6GiNPUC5XeW4aKGLZKUHyAMkviHYkz6C9 NafUF51uY17tQGGIZ4QzLTFqRBDxqIHt/YgcgOz/B4sy6Tu5imK40rWrLJWbUVb7iluu ZuBxiwdzqg81w9A/QQRhYyZlUWdy80/ztgr2YktDu0OOIeODXEo1eWfq6biUf5RlZMb+ 1crmb8E/XceRWhe74d1YKjm79Kry4PpurIuVOV/AsyMrkicy/p7QTFHfqVky7Uc83fNC Zwa3O2WIQwuLdsLx4IdKMIvpHeB50WlOLBJY2xOPEOXolYsjGa3zKp9edIEfEVIuMjLO moow== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=b7OhXiqU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20]) by mx.google.com with ESMTP id p15-20020a170902b08f00b0014d743694ecsi5855787plr.442.2022.03.10.18.39.55; Thu, 10 Mar 2022 18:40:11 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=b7OhXiqU; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S241100AbiCJQOk (ORCPT + 99 others); Thu, 10 Mar 2022 11:14:40 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57042 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S241009AbiCJQO1 (ORCPT ); Thu, 10 Mar 2022 11:14:27 -0500 Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id EB29DE1B59 for ; Thu, 10 Mar 2022 08:13:26 -0800 (PST) Received: by mail-pj1-x1034.google.com with SMTP id z12-20020a17090ad78c00b001bf022b69d6so5654606pju.2 for ; Thu, 10 Mar 2022 08:13:26 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=date:from:to:cc:subject:message-id:references:mime-version :content-disposition:in-reply-to; bh=lEOkrVgcJZdOpXrqIK9Xwy4NV75c7mrQ1k1DVuFpKnM=; b=b7OhXiqUJ2oyKnp9Y21BDXMjY0kk/egOkrjh5HRAzYzuD2yJ9Y5GLXzDNdCVe+41w0 M+6Ml58nU8iWesUVOP+1aUQb1brA4wcb9XHv0P2ta0jLXsGzuj1YJFQ7H4c2/MZm3dmB 9YHuxVneWRgHyU1S6GRn4t1fFwfBHHzsUyPdk= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:date:from:to:cc:subject:message-id:references :mime-version:content-disposition:in-reply-to; bh=lEOkrVgcJZdOpXrqIK9Xwy4NV75c7mrQ1k1DVuFpKnM=; b=LQysWEu1Xnh7OITPtBoyprmQI7nvaJHdbMmnd0cfKsUZCvu5il0u1nl09K7oOvLq8k Nm5R/iBOkHYFcnNnBHAZDa0Y6OXSQHa0DVxPlwgHIQk+fCl7bniE6nZ641SszH1oBe06 LQB8P4HLa1alO/fnudmkzCbD+N8unEmeAx/DR9wYEgCXP7azGG35E1CWOQx2DzyyMNZ/ TK+i3VSjEqQHuHUhJQTpbZrHacdIPr85465sxg+AU0o6W6DO1udq6PLUBzi+02fCrEPb jzhLZUbGYxeCH/VQH4cBl0I5WqVDwiZTKHycK0CVDwau+SrIDxsstgm9Ogbq/6Oi60mi xayQ== X-Gm-Message-State: AOAM530eNENLjtNL9p6Pk2gvrH2oysbFB+GeqOgPFisfZagTiV88YQyM si69Nh9JUlcSQHUHZuq1aoSCt4x39Qt2BQ== X-Received: by 2002:a17:90a:168f:b0:1b9:453a:fe79 with SMTP id o15-20020a17090a168f00b001b9453afe79mr17140950pja.107.1646928806494; Thu, 10 Mar 2022 08:13:26 -0800 (PST) Received: from www.outflux.net (smtp.outflux.net. [198.145.64.163]) by smtp.gmail.com with ESMTPSA id x6-20020a17090aa38600b001bce781ce03sm6348367pjp.18.2022.03.10.08.13.26 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 10 Mar 2022 08:13:26 -0800 (PST) Date: Thu, 10 Mar 2022 08:13:25 -0800 From: Kees Cook To: Domenico Andreoli Cc: Eric Biederman , linux-kernel@vger.kernel.org Subject: Re: [PATCH] binfmt_misc: add two-steps registration (opt-in) Message-ID: <202203100811.F2B43DD@keescook> References: MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: X-Spam-Status: No, score=-2.6 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH, DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on lindbergh.monkeyblade.net Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Mar 01, 2022 at 02:28:22PM +0100, Domenico Andreoli wrote: > From: Domenico Andreoli > > Experimenting with new interpreter configurations can lead to annoying > failures, when the system is left unable to load ELF binaries power > cycling is the only way to get it back operational. > > This patch tries to mitigate such conditions by adding an opt-in > two-steps registration. > > A new optional field is added to the configuration string, it's an > expiration interval for the newly added interpreter. If the user is > not able to confirm in time, possibly because the system is broken, > the new interpreter is automatically disabled. Hi! As this both changes the userspace API and adds timers, I'd like the change to be really well justified. Can you explain the conditions you get into that can't be escaped by just disabling the bad binfmt_misc entry? -Kees -- Kees Cook