| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20230907204256.3700336-1-gpiccoli@igalia.com>
Date: Thu, 7 Sep 2023 17:24:49 -0300
From: "Guilherme G. Piccoli" <gpiccoli@...lia.com>
To: linux-kernel@...r.kernel.org, linux-fsdevel@...r.kernel.org
Cc: linux-mm@...ck.org, kernel-dev@...lia.com, kernel@...ccoli.net,
keescook@...omium.org, ebiederm@...ssion.com, oleg@...hat.com,
yzaikin@...gle.com, mcgrof@...nel.org, akpm@...ux-foundation.org,
brauner@...nel.org, viro@...iv.linux.org.uk, willy@...radead.org,
david@...hat.com, dave@...olabs.net, sonicadvance1@...il.com,
joshua@...ggi.es, "Guilherme G. Piccoli" <gpiccoli@...lia.com>
Subject: [RFC PATCH 0/2] Introduce a way to expose the interpreted file with binfmt_misc
Currently the kernel provides a symlink to the executable binary, in the
form of procfs file exe_file (/proc/self/exe_file for example). But what
happens in interpreted scenarios (like binfmt_misc) is that such link
always points to the *interpreter*. For cases of Linux binary emulators,
like FEX [0] for example, it's then necessary to somehow mask that and
emulate the true binary path.
We hereby propose a way to expose such interpreted binary as exe_file if
the flag 'I' is selected on binfmt_misc. When that flag is set, the file
/proc/self/exe_file points to the *interpreted* file, be it ELF or not.
In order to allow users to distinguish if such flag is used or not without
checking the binfmt_misc filesystem, we propose also the /proc/self/interpreter
file, which always points to the *interpreter* in scenarios where
interpretation is set, like binfmt_misc. This file is empty / points to
nothing in the case of regular ELF execution, though we could consider
implementing a way to point to the LD preloader if that makes sense...
This was sent as RFC because of course it's a very core change, affecting
multiple areas and there are design choices (and questions) in each patch
so we could discuss and check the best way to implement the solution as
well as the corner cases handling. This is a very useful feature for
emulators and such, like FEX and Wine, which usually need to circumvent
this kernel limitation in order to expose the true emulated file name
(more examples at [1][2][3]).
This patchset is based on the currently v6.6-rc1 candidate (Linus tree
from yesterday) and was tested under QEMU as well as using FEX.
Thanks in advance for comments, any feedback is greatly appreciated!
Cheers,
Guilherme
[0] https://github.com/FEX-Emu/FEX
[1] Using an environment variable trick to override exe_file:
https://gitlab.freedesktop.org/mesa/mesa/-/blob/main/src/util/u_process.c#L209
[2] https://github.com/baldurk/renderdoc/pull/2694
[3] FEX handling of the exe_file parsing:
https://github.com/FEX-Emu/FEX/blob/main/Source/Tools/FEXLoader/LinuxSyscalls/FileManagement.cpp#L499
Guilherme G. Piccoli (2):
binfmt_misc, fork, proc: Introduce flag to expose the interpreted binary in procfs
fork, procfs: Introduce /proc/self/interpreter symlink
Documentation/admin-guide/binfmt-misc.rst | 11 ++
arch/arc/kernel/troubleshoot.c | 5 +
fs/binfmt_elf.c | 7 ++
fs/binfmt_misc.c | 11 ++
fs/coredump.c | 5 +
fs/exec.c | 26 ++++-
fs/proc/base.c | 48 +++++---
include/linux/binfmts.h | 4 +
include/linux/mm.h | 7 +-
include/linux/mm_types.h | 2 +
kernel/audit.c | 5 +
kernel/audit_watch.c | 7 +-
kernel/fork.c | 131 +++++++++++++++++-----
kernel/signal.c | 7 +-
kernel/sys.c | 5 +
kernel/taskstats.c | 7 +-
security/tomoyo/util.c | 5 +
17 files changed, 241 insertions(+), 52 deletions(-)
--
2.42.0
Powered by blists - more mailing lists