Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec

From: Kees Cook
Date: Fri Jul 07 2017 - 18:13:48 EST

Next message: Alex Williamson: "[PATCH] vfio: Remove unnecessary uses of vfio_container.group_lock"
Previous message: Kees Cook: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
In reply to: Kees Cook: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
Next in thread: Linus Torvalds: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Fri, Jul 7, 2017 at 1:04 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, Jul 7, 2017 at 12:56 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>> As discussed with Linus and Andy, we need to reset the stack rlimit
>> before we do memory layouts when execing a privilege-gaining (e.g.
>> setuid) program. This moves security_bprm_secureexec() earlier (with
>> required changes), and then lowers the stack limit when appropriate.
>
> Looks sane to me, and that first patch looks like a nice cleanup
> regardless - the old semantics were insane.

I wonder if we could collapse all the secureexec logic in
setup_new_exec. There are three places (?). I was shy to consolidate
those in this patch in case there were weird dependencies on
dumpability ordering. But I'll go see if I can clean those up too...

-Kees

--
Kees Cook
Pixel Security

Next message: Alex Williamson: "[PATCH] vfio: Remove unnecessary uses of vfio_container.group_lock"
Previous message: Kees Cook: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
In reply to: Kees Cook: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
Next in thread: Linus Torvalds: "Re: [PATCH 0/2] exec: Use sane stack rlimit for setuid exec"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]