Re: [PATCH v2 1/2] exec: add a flag for "reasonable" execveat() comm

From: Tycho Andersen
Date: Tue Oct 01 2024 - 09:43:56 EST


On Mon, Sep 30, 2024 at 03:10:29PM -0500, Eric W. Biederman wrote:
> "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> writes:
>
> > Kees Cook <kees@xxxxxxxxxx> writes:
>
> >> I'm not super comfortable doing this regardless of bprm->fdpath; that
> >> seems like too many cases getting changed. Can we just leave it as
> >> depending on bprm->fdpath?
>
> I was recommending that because I did not expect that there was any
> widespread usage of aliasing of binary names using symlinks.
>
> I realized today that on debian there are many aliases
> of binaries created with the /etc/alternatives mechanism.
> So there is much wider exposure to problems than I would have
> supposed.
>
> So I remove any objections to making the new code conditional on bprm->fdpath.

Yep, and it looks like Alpine distributes busybox with symlinks
instead of hard links. I will respin with a fixed subject line shortly.

Thanks,

Tycho