Re: [PATCH 4/4] binfmt_elf: Elf executable signature verification

From: Vivek Goyal
Date: Wed Mar 20 2013 - 12:00:06 EST

Next message: Vivek Goyal: "Re: [PATCH v5] x86, kdump: Set crashkernel_low automatically"
Previous message: Felipe Balbi: "Re: [PATCH 0/5] usb: musb/otg: cleanup and fixes"
In reply to: Vivek Goyal: "Re: [PATCH 4/4] binfmt_elf: Elf executable signature verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, Mar 19, 2013 at 10:39:01AM -0400, Mimi Zohar wrote:

[..]
>
> Lastly, adding 'VM_LOCKED' here seems to change existing, expected
> behavior. According to the mlock(2) man pages, "Memory locks are not
> inherited by a child created via fork(2) and are automatically removed
> (unlocked) during an execve(2) or when the process terminates." Someone
> else needs to comment on this sort of change. Andrew? Al?

I think removing locks during execve() makes sense. New executable will
get its own locked memory and it is not dependent on memory areas locked
before execve().

fork() is more interesting though. I guess we could just reset the
"signed" bit of forked process. So it does not inherit it from parent. And
when forked process does exec() it will lock its own memory areas and
get "signed" bit if signatuer verification was successful.

So looks like exeisting memory lock behavior on fork()/execve() will be
fine.

Thanks
Vivek
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Vivek Goyal: "Re: [PATCH v5] x86, kdump: Set crashkernel_low automatically"
Previous message: Felipe Balbi: "Re: [PATCH 0/5] usb: musb/otg: cleanup and fixes"
In reply to: Vivek Goyal: "Re: [PATCH 4/4] binfmt_elf: Elf executable signature verification"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]