Re: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf

From: Linus Torvalds
Date: Wed Apr 08 2020 - 13:25:39 EST

Next message: Linus Torvalds: "Re: [RFC][PATCH 0/3] exec_update_mutex related cleanups"
Previous message: William Breathitt Gray: "Re: [PATCH v2 1/1] counter: cros_ec: Add synchronization sensor"
Next in thread: Eric W. Biederman: "Re: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 6, 2020 at 6:34 PM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote:
>
> In 2016 Linus moved install_exec_creds immediately after
> setup_new_exec, in binfmt_elf as a cleanup and as part of closing a
> potential information leak.
>
> Perform the same cleanup for the other binary formats

Can we not move it _into_ setup_new_exec() now if you've changed all
the binfmt handlers?

The fewer cases of "this gets called by the low-level handler at
different points" that we have, the better off we'd be, I think. One
of the complexities of our execve() code is that some of it gets
called directly, and some of it gets called by the binfmt handler, and
it's often very hard to see the logic when it jumps out to the binfmt
code and then back to the generic fs/exec.c code..

Linus

Next message: Linus Torvalds: "Re: [RFC][PATCH 0/3] exec_update_mutex related cleanups"
Previous message: William Breathitt Gray: "Re: [PATCH v2 1/1] counter: cros_ec: Add synchronization sensor"
Next in thread: Eric W. Biederman: "Re: [PATCH 1/3] binfmt: Move install_exec_creds after setup_new_exec to match binfmt_elf"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]