lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 7 Jul 2017 15:39:59 -0700
From:   Linus Torvalds <torvalds@...ux-foundation.org>
To:     Kees Cook <keescook@...omium.org>
Cc:     Andy Lutomirski <luto@...nel.org>,
        David Howells <dhowells@...hat.com>,
        Serge Hallyn <serge@...lyn.com>,
        John Johansen <john.johansen@...onical.com>,
        Casey Schaufler <casey@...aufler-ca.com>,
        "Eric W. Biederman" <ebiederm@...ssion.com>,
        Michal Hocko <mhocko@...nel.org>,
        Ben Hutchings <ben@...adent.org.uk>,
        Hugh Dickins <hughd@...gle.com>,
        Oleg Nesterov <oleg@...hat.com>,
        "Jason A. Donenfeld" <Jason@...c4.com>,
        Rik van Riel <riel@...hat.com>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        James Morris <james.l.morris@...cle.com>,
        Greg Ungerer <gerg@...ux-m68k.org>,
        Ingo Molnar <mingo@...nel.org>,
        Nicolas Pitre <nicolas.pitre@...aro.org>,
        Stephen Smalley <sds@...ho.nsa.gov>,
        Paul Moore <paul@...l-moore.com>,
        Vivek Goyal <vgoyal@...hat.com>,
        Mickaël Salaün <mic@...ikod.net>,
        Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
        linux-fsdevel <linux-fsdevel@...r.kernel.org>,
        Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
        LSM List <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec

On Fri, Jul 7, 2017 at 3:13 PM, Kees Cook <keescook@...omium.org> wrote:
>
> I wonder if we could collapse all the secureexec logic in
> setup_new_exec.

Probably.

Some of our insane calls back-and-forth between different layers are
due to people abstracting things out and trying very hard to keep old
(and bad) orderings without trying to really determine if they are the
right thing to do.

We *have* occasionally collapsed things when it became obvious just
how crazy things were, but not very often.

There's another thing that I _think_ should be cleaned up:

     install_exec_creds(bprm);

should also be moved into setup_new_exec().

It used to be at a different point in the load sequence, but we fixed
all that up in the ELF loader, but we kept it in the *callers* because
some of the old loaders have different sequences.

But it's quite likely that all the other loaders should be fixed to do
what ELF does. I think they currently have the odd old semantics that
they may load the binary using the old permissions, so a suid binary
needs to be readable by non-root users (which is just stupid).

But it's nasty nasty work to go through and check what subtle things
might change.

Which is why nobody ever does it ;(

                  Linus

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ