lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <9856acd1-cab7-2691-1c89-279fbfe53e19@redhat.com>
Date:   Fri, 26 Aug 2016 16:55:50 +0200
From:   Florian Weimer <fweimer@...hat.com>
To:     James Bottomley <James.Bottomley@...senPartnership.com>,
        Josh Max <JMax@...l.greenriver.edu>, viro@...iv.linux.org.uk
Cc:     linux-fsdevel@...r.kernel.org, linux-kernel@...r.kernel.org,
        "Carlos O'Donell" <carlos@...hat.com>
Subject: Re: [PATCH] binfmt_misc: allow selecting the interpreter based on
 xattr keywords

On 08/25/2016 06:15 PM, James Bottomley wrote:
> On Sun, 2016-08-21 at 21:01 -0700, Josh Max wrote:
>> This patch allows binfmt_misc to select the interpeter for arbitrary
>> binaries by comparing a specified registered keyword with the value
>> of a specified binary's extended attribute (user.binfmt.interp),
>> and then launching the program with the registered interpreter.
>>
>> This is useful when wanting to launch a collection of binaries under
>> the same interpreter, even when they do not necessarily share a
>> common extension or magic bits, or when their magic conflics with the
>> operation of binfmt_elf. Some examples of its use would be to launch
>> some executables of various different architectures in a directory,
>> or for running some native binaries under a sandbox (like firejail)
>> automatically during their launch.
>
> Could you expand on the use cases?

A non-security use case would be to run the binary (without 
modification) with a different ELF interpreter (assuming this allows to 
override binfmt_elf, but self-sandboxing would need that as well).  This 
would make it easier to use older or newer libcs for select binaries on 
the system.  Right now, one has to write wrappers for that, and the 
explicit dynamic linker invocation is not completely transparent to the 
application.

Florian

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ