Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Date:   Thu, 10 Aug 2023 13:24:55 -0700
From:   Kees Cook <keescook@chromium.org>
To:     Pali =?iso-8859-1?Q?Roh=E1r?= <pali@kernel.org>
Cc:     Kees Cook <kees@kernel.org>,
        Eric Biederman <ebiederm@xmission.com>, linux-mm@kvack.org,
        linux-kernel@vger.kernel.org
Subject: Re: binfmt_misc & different PE binaries
Message-ID: <202308101323.F17474FEB6@keescook>
References: <20230706115550.sqyh3k26e2glz2lu@pali>
 <20230806162346.v7gjoev2nepxlcox@pali>
 <C636CC6D-9504-4B81-8B47-2734C70F20C2@kernel.org>
 <20230807170852.yefmkcqwum6gdao6@pali>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20230807170852.yefmkcqwum6gdao6@pali>
Precedence: bulk

On Mon, Aug 07, 2023 at 07:08:52PM +0200, Pali Roh?r wrote:
> On Monday 07 August 2023 07:45:08 Kees Cook wrote:
> > On August 6, 2023 9:23:46 AM PDT, "Pali Roh?r" <pali@kernel.org> wrote:
> > >Hello, I would like to remind this email about binfmt_misc for PE.
> > >
> > >On Thursday 06 July 2023 13:55:50 Pali Roh?r wrote:
> > >> Hello,
> > >> 
> > >> I would like to ask how to properly register binfmt_misc for different
> > >> PE binaries, so kernel could execute the correct loader for them.
> > >> 
> > >> I mean, how to register support for Win32 (console/gui) PE binaries and
> > >> also for CLR PE binaries (dotnet). Win32 needs to be executed under wine
> > >> and CLR ideally under dotnet core (or mono).
> > >> 
> > >> I have read kernel documentation files admin-guide/binfmt-misc.rst
> > >> and admin-guide/mono.rst. But seems that they are in conflicts as both
> > >> wants to registers its own handler for the same magic:
> > >> 
> > >>   echo ':DOSWin:M::MZ::/usr/local/bin/wine:' > register
> > >> 
> > >>   echo ':CLR:M::MZ::/usr/bin/mono:' > /proc/sys/fs/binfmt_misc/register
> > >> 
> > >> Not mentioning the fact that they register DOS MZ handler, which matches
> > >> not only all PE binaries (including EFI, libraries, other processors),
> > >> but also all kind of other NE/LE/LX binaries and different DOS extenders.
> > >> 
> > >> From documentation it looks like that even registering PE binaries is
> > >> impossible by binfmt_misc as PE is detected by checking that indirect
> > >> reference from 0x3C is PE\0\0. And distinguish between Win32 and CLR
> > >> needs to parse PE COM descriptor directory.
> > >> 
> > >> Or it is possible to write binfmt_misc pattern match based on indirect
> > >> offset?
> > 
> > Normally a single userspace program will be registered and it can do whatever it needs to do to further distinguish the binary and hand it off to the appropriate loader.
> 
> Ok, so you are saying that there should be one userspace program which
> distinguish between DOS, CLR and Win32 and then exec the correct
> "runtime" loader? Is there such one? Also it would be nice to mention it
> in the documentation.

I've not spent much time with it, but I think Wine can be set up to
do this?

Anyway, I'm happy to apply Documentation patches, if you want to send
changes that would make things more clear. :)

-Kees

-- 
Kees Cook