[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 7 Jul 2017 15:39:59 -0700
From: Linus Torvalds <torvalds@...ux-foundation.org>
To: Kees Cook <keescook@...omium.org>
Cc: Andy Lutomirski <luto@...nel.org>,
David Howells <dhowells@...hat.com>,
Serge Hallyn <serge@...lyn.com>,
John Johansen <john.johansen@...onical.com>,
Casey Schaufler <casey@...aufler-ca.com>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Michal Hocko <mhocko@...nel.org>,
Ben Hutchings <ben@...adent.org.uk>,
Hugh Dickins <hughd@...gle.com>,
Oleg Nesterov <oleg@...hat.com>,
"Jason A. Donenfeld" <Jason@...c4.com>,
Rik van Riel <riel@...hat.com>,
Alexander Viro <viro@...iv.linux.org.uk>,
James Morris <james.l.morris@...cle.com>,
Greg Ungerer <gerg@...ux-m68k.org>,
Ingo Molnar <mingo@...nel.org>,
Nicolas Pitre <nicolas.pitre@...aro.org>,
Stephen Smalley <sds@...ho.nsa.gov>,
Paul Moore <paul@...l-moore.com>,
Vivek Goyal <vgoyal@...hat.com>,
Mickaël Salaün <mic@...ikod.net>,
Tetsuo Handa <penguin-kernel@...ove.sakura.ne.jp>,
linux-fsdevel <linux-fsdevel@...r.kernel.org>,
Linux Kernel Mailing List <linux-kernel@...r.kernel.org>,
LSM List <linux-security-module@...r.kernel.org>
Subject: Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec
On Fri, Jul 7, 2017 at 3:13 PM, Kees Cook <keescook@...omium.org> wrote:
>
> I wonder if we could collapse all the secureexec logic in
> setup_new_exec.
Probably.
Some of our insane calls back-and-forth between different layers are
due to people abstracting things out and trying very hard to keep old
(and bad) orderings without trying to really determine if they are the
right thing to do.
We *have* occasionally collapsed things when it became obvious just
how crazy things were, but not very often.
There's another thing that I _think_ should be cleaned up:
install_exec_creds(bprm);
should also be moved into setup_new_exec().
It used to be at a different point in the load sequence, but we fixed
all that up in the ELF loader, but we kept it in the *callers* because
some of the old loaders have different sequences.
But it's quite likely that all the other loaders should be fixed to do
what ELF does. I think they currently have the odd old semantics that
they may load the binary using the old permissions, so a suid binary
needs to be readable by non-root users (which is just stupid).
But it's nasty nasty work to go through and check what subtle things
might change.
Which is why nobody ever does it ;(
Linus
Powered by blists - more mailing lists