[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9856acd1-cab7-2691-1c89-279fbfe53e19@redhat.com>
Date: Fri, 26 Aug 2016 16:55:50 +0200
From: Florian Weimer <fweimer@...hat.com>
To: James Bottomley <James.Bottomley@...senPartnership.com>,
Josh Max <JMax@...l.greenriver.edu>, viro@...iv.linux.org.uk
Cc: linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
"Carlos O'Donell" <carlos@...hat.com>
Subject: Re: [PATCH] binfmt_misc: allow selecting the interpreter based on
xattr keywords
On 08/25/2016 06:15 PM, James Bottomley wrote:
> On Sun, 2016-08-21 at 21:01 -0700, Josh Max wrote:
>> This patch allows binfmt_misc to select the interpeter for arbitrary
>> binaries by comparing a specified registered keyword with the value
>> of a specified binary's extended attribute (user.binfmt.interp),
>> and then launching the program with the registered interpreter.
>>
>> This is useful when wanting to launch a collection of binaries under
>> the same interpreter, even when they do not necessarily share a
>> common extension or magic bits, or when their magic conflics with the
>> operation of binfmt_elf. Some examples of its use would be to launch
>> some executables of various different architectures in a directory,
>> or for running some native binaries under a sandbox (like firejail)
>> automatically during their launch.
>
> Could you expand on the use cases?
A non-security use case would be to run the binary (without
modification) with a different ELF interpreter (assuming this allows to
override binfmt_elf, but self-sandboxing would need that as well). This
would make it easier to use older or newer libcs for select binaries on
the system. Right now, one has to write wrappers for that, and the
explicit dynamic linker invocation is not completely transparent to the
application.
Florian
Powered by blists - more mailing lists