lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 03 Aug 2020 15:20:07 -0500
From:   ebiederm@...ssion.com (Eric W. Biederman)
To:     Linus Torvalds <torvalds@...ux-foundation.org>
Cc:     <linux-kernel@...r.kernel.org>
Subject: [GIT PULL] exec cleanups for v5.9-rc1


Please pull the exec-linus branch from the git tree:

   git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git exec-linus

   HEAD: 7fce69dff8db30cb93aace0bbebda09972027af7 Implement kernel_execve

During the development of v5.7 I ran into bugs and quality of
implementation issues related to exec that could not be easily
fixed because of the way exec is implemented.  So I have been
diggin into exec and cleaning up what I can.

This cycle I have been looking at different ideas and different
implementations to see what is possible to improve exec, and cleaning
the way exec interfaces with in kernel users.  Only cleaning up the
interfaces of exec with rest of the kernel has managed to stabalize
and make it through review in time for v5.9-rc1 resulting in 2
sets of changes this cycle.

      Implement kernel_execve
      Make the user mode driver code a better citizen

With kernel_execve the code size got a little larger as the copying of
parameters from userspace and copying of parameters from userspace is
now separate.  The good news is kernel threads no longer need to play
games with set_fs to use exec.  Which when combined with the rest of
Christophs set_fs changes should security bugs with set_fs much more
difficult.

The first changeset "Make the user mode driver code a better citizen"
should be both in this tree and in the bpf tree.

This inches the exec code closer to sorting out the long standing issues
I am aware of.

After 5.9-rc1 is released I am hoping to quickly rebase and get a lot of
changes posted, reviewed and merged.  I have a lot of additional fixes
and cleanups that just need a little more attention before they are
ready to merge.

Eric W. Biederman (25):
      umh: Capture the pid in umh_pipe_setup
      umh: Move setting PF_UMH into umh_pipe_setup
      umh: Rename the user mode driver helpers for clarity
      umh: Remove call_usermodehelper_setup_file.
      umh: Separate the user mode driver and the user mode helper support
      umd: For clarity rename umh_info umd_info
      umd: Rename umd_info.cmdline umd_info.driver_name
      umd: Transform fork_usermode_blob into fork_usermode_driver
      umh: Stop calling do_execve_file
      exec: Remove do_execve_file
      bpfilter: Move bpfilter_umh back into init data
      umd: Track user space drivers with struct pid
      exit: Factor thread_group_exited out of pidfd_poll
      bpfilter: Take advantage of the facilities of struct pid
      umd: Remove exit_umh
      umd: Stop using split_argv
      Make the user mode driver code a better citizen
      exec: Remove unnecessary spaces from binfmts.h
      exec: Factor out alloc_bprm
      exec: Move initialization of bprm->filename into alloc_bprm
      exec: Move bprm_mm_init into alloc_bprm
      exec: Factor bprm_execve out of do_execve_common
      exec: Factor bprm_stack_limits out of prepare_arg_pages
      exec: Implement kernel_execve
      Implement kernel_execve

 arch/x86/entry/entry_32.S        |   2 +-
 arch/x86/entry/entry_64.S        |   2 +-
 arch/x86/kernel/unwind_frame.c   |   2 +-
 fs/exec.c                        | 307 +++++++++++++++++++++++++--------------
 include/linux/binfmts.h          |  21 +--
 include/linux/bpfilter.h         |   7 +-
 include/linux/sched.h            |   9 --
 include/linux/sched/signal.h     |   2 +
 include/linux/umh.h              |  15 --
 include/linux/usermode_driver.h  |  18 +++
 init/main.c                      |   4 +-
 kernel/Makefile                  |   1 +
 kernel/exit.c                    |  25 +++-
 kernel/fork.c                    |   6 +-
 kernel/umh.c                     | 171 +---------------------
 kernel/usermode_driver.c         | 182 +++++++++++++++++++++++
 net/bpfilter/bpfilter_kern.c     |  38 ++---
 net/bpfilter/bpfilter_umh_blob.S |   2 +-
 net/ipv4/bpfilter/sockopt.c      |  20 +--
 security/tomoyo/common.h         |   2 +-
 security/tomoyo/domain.c         |   4 +-
 security/tomoyo/tomoyo.c         |   4 +-
 22 files changed, 480 insertions(+), 364 deletions(-)

Eric

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ