Message-ID: <20200330083446.GA13522@redhat.com>
Date: Mon, 30 Mar 2020 10:34:46 +0200
From: Oleg Nesterov <oleg@...hat.com>
To: Kees Cook <keescook@...omium.org>
Cc: Adam Zabrocki <pi3@....com.pl>, linux-kernel@...r.kernel.org,
kernel-hardening@...ts.openwall.com, Jann Horn <jannh@...gle.com>,
Andy Lutomirski <luto@...capital.net>,
"Eric W. Biederman" <ebiederm@...ssion.com>,
Bernd Edlinger <bernd.edlinger@...mail.de>
Subject: Re: Curiosity around 'exec_id' and some problems associated with it

On 03/29, Kees Cook wrote:
>
> On Tue, Mar 24, 2020 at 10:50:49PM +0100, Adam Zabrocki wrote:
> >
> > In short, if you hold the file descriptor open over an execve() (e.g. share it
> > with child) the old VM is preserved (refcounted) and might be never released.
> > Essentially, mother process' VM will be still in memory (and pointer to it is
> > valid) even if the mother process passed an execve().

This was true after e268337dfe26dfc7efd422a804dbb27977a3cccc, but please see
6d08f2c7139790c ("proc: make sure mem_open() doesn't pin the target's memory"),
iirc it was merged soon after the 1st commit.

Oleg.