Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec

From: Linus Torvalds
Date: Fri Jul 07 2017 - 16:04:30 EST

Next message: Sebastian Reichel: "[PATCH 0/2] regulator: cpcap: Fix standby mode"
Previous message: Mimi Zohar: "Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment"
In reply to: Kees Cook: "[PATCH 1/2] exec: Move security_bprm_secureexec() earlier"
Next in thread: Linus Torvalds: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 7, 2017 at 12:56 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> As discussed with Linus and Andy, we need to reset the stack rlimit
> before we do memory layouts when execing a privilege-gaining (e.g.
> setuid) program. This moves security_bprm_secureexec() earlier (with
> required changes), and then lowers the stack limit when appropriate.

Looks sane to me, and that first patch looks like a nice cleanup
regardless - the old semantics were insane.

But yes, we should have more people look at this, particular have the
security module people look at that first patch to make sure it is the
right thing to do for their policies, and make sure that everybody's
bprm_secureexec() function actually looks at the creds in the brmp,
not "current" (well, maybe they compare the two, which makes tons of
sense, and which the old placement didn't sanely support).

It looks like Kees went through the security modules, but having the
people involved double-check is a good good idea.

Linus

Next message: Sebastian Reichel: "[PATCH 0/2] regulator: cpcap: Fix standby mode"
Previous message: Mimi Zohar: "Re: [PATCH v2] integrity: track mtime in addition to i_version for assessment"
In reply to: Kees Cook: "[PATCH 1/2] exec: Move security_bprm_secureexec() earlier"
Next in thread: Linus Torvalds: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]