lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Wed, 15 Jan 2020 13:55:27 +0000
From:   Al Viro <viro@...iv.linux.org.uk>
To:     Laurent Vivier <laurent@...ier.eu>
Cc:     linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org,
        James Bottomley <James.Bottomley@...senpartnership.com>
Subject: Re: [RFC v2] binfmt_misc: pass binfmt_misc flags to the interpreter

On Wed, Jan 15, 2020 at 01:19:16PM +0100, Laurent Vivier wrote:
> Le 07/01/2020 à 15:50, Laurent Vivier a écrit :
> > Hi,
> > 
> > this change is simple, easy to read and understand but it is really
> > needed by user space application interpreter to know the status of the
> > system configuration.
> > 
> > Could we have a comment saying if there is a problem or if it is good to
> > be merged?
> 
> Anyone?

	FWIW, one thing that looks worrying here is that these bits become
userland ABI after this patch - specific values passed in that thing
can't be changed.  And no a single mention of that in fs/binfmt_misc.c,
leaving a nasty trap.  As far as one can tell, their values are fair game
for reordering, etc. - not even visible outside of fs/binfmt_misc.c;
purely internal constants.  And the effect of such modifications after
your patch will not be "everything breaks, patch gets caught by somebody's
tests" - it will be a quiet breakage for some users.

> >>  #define MISC_FMT_OPEN_BINARY (1 << 30)
> >>  #define MISC_FMT_CREDENTIALS (1 << 29)
> >>  #define MISC_FMT_OPEN_FILE (1 << 28)
> >> +#define MISC_FMT_FLAGS_MASK (MISC_FMT_PRESERVE_ARGV0 | MISC_FMT_OPEN_BINARY | \
> >> +			     MISC_FMT_CREDENTIALS | MISC_FMT_OPEN_FILE)

IOW, you are making those parts of userland ABI cast in stone forever.
Whether this bit assignment does make sense or not, such things really
should not be hidden.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ