Thread: 2 messages, 2 authors, 2020-05-19

Re: [PATCH v2 4/8] exec: Allow load_misc_binary to call prepare_binfmt unconditionally

From: Kees Cook <hidden>
Date: 2020-05-19 18:27:31
Also in: linux-fsdevel, lkml

On Mon, May 18, 2020 at 07:31:51PM -0500, Eric W. Biederman wrote:
Add a flag preserve_creds that binfmt_misc can set to prevent
credentials from being updated.  This allows binfmt_misc to always
call prepare_binfmt.  Allowing the credential computation logic to be

typo: prepare_binprm()

consolidated.

Not replacing the credentials with the interpreter's credentials is
safe because an open file descriptor to the executable is
passed to the interpreter.   As the interpreter does not need to
reopen the executable it is guaranteed to see the same file that
exec sees.

Yup, looks good. Note below on comment.

Reviewed-by: Kees Cook <redacted>
[...]
diff --git a/include/linux/binfmts.h b/include/linux/binfmts.h
index 8605ab4a0f89..dbb5614d62a2 100644
--- a/include/linux/binfmts.h
+++ b/include/linux/binfmts.h
@@ -26,6 +26,8 @@ struct linux_binprm {
 	unsigned long p; /* current top of mem */
 	unsigned long argmin; /* rlimit marker for copy_strings() */
 	unsigned int
+		/* It is safe to use the creds of a script (see binfmt_misc) */
+		preserve_creds:1,
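Review bot: the comment above preserve_creds:1 asserts that using the script's creds is safe without stating the condition that makes it safe or who is expected to set the bit. The commit message gives that condition (the interpreter is passed an open file descriptor to the executable and does not reopen it), so the comment should say so, and should say that the handler sets the flag before calling prepare_binprm(). The visible lines also do not show where the bit is cleared; if a bprm can reach another handler after this one, document or enforce the reset so a stale flag cannot suppress a later credential update.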
How about:

		/*
		 * A binfmt handler will set this to True before calling
		 * prepare_binprm() if it is safe to reuse the previous
		 * credentials, based on bprm->file (see binfmt_misc).
		 */

-- 
Kees Cook
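The safety argument in the quoted commit message (the interpreter is handed an open descriptor, so it never re-resolves the path) can be observed from user space. This is an added example, not kernel code and not part of the patch; the function names and the scratch directory are constructed for illustration.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a new file at `path` holding `text`; returns 0 on success. */
static int write_file(const char *path, const char *text)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return -1;
    ssize_t n = write(fd, text, strlen(text));
    close(fd);
    return n == (ssize_t)strlen(text) ? 0 : -1;
}

/* Returns bit 0 if the held fd still names the file that was opened, bit 1
 * if re-resolving the path reaches a different file; -1 on setup failure. */
int fd_vs_path_after_swap(void)
{
    char dir[64], script[96], other[96];
    struct stat at_open, via_fd, via_path;
    int fd = -1, result = -1;

    /* Constructed scratch directory; mkdir() fails if the name exists. */
    snprintf(dir, sizeof(dir), "/tmp/fd-vs-path-%ld", (long)getpid());
    if (mkdir(dir, 0700))
        return -1;
    snprintf(script, sizeof(script), "%s/script", dir);
    snprintf(other, sizeof(other), "%s/other", dir);
    if (write_file(script, "checked\n") || write_file(other, "swapped\n"))
        goto out;
    fd = open(script, O_RDONLY);             /* the file "exec" opened */
    if (fd < 0 || fstat(fd, &at_open))
        goto out;
    if (rename(other, script))               /* path now names another inode */
        goto out;
    if (fstat(fd, &via_fd) || stat(script, &via_path))
        goto out;
    result = (via_fd.st_ino == at_open.st_ino ? 1 : 0) |
             (via_path.st_ino != at_open.st_ino ? 2 : 0);
out:
    if (fd >= 0)
        close(fd);
    unlink(script);
    unlink(other);
    rmdir(dir);
    return result;
}
```

A result of 3 means both properties held: the descriptor kept naming the file that was checked, while the same path resolved to a different file after the rename.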