On Tue, Nov 08, 2016 at 04:18:13PM -0800, Josh Triplett wrote:
> This prepares for making prctl optional.
>
> Signed-off-by: Josh Triplett <josh@xxxxxxxxxxxxxxxx>
> +
...
> +static int prctl_set_mm_exe_file(struct mm_struct *mm, unsigned int fd)
> +{
> + struct fd exe;
> + struct file *old_exe, *exe_file;
> + struct inode *inode;
> + int err;
> +
> + exe = fdget(fd);
> + if (!exe.file)
> + return -EBADF;
> +
> + inode = file_inode(exe.file);
> +
> + /*
> + * Because the original mm->exe_file points to executable file, make
> + * sure that this one is executable as well, to avoid breaking an
> + * overall picture.
> + */
> + err = -EACCES;
> + if (!S_ISREG(inode->i_mode) || path_noexec(&exe.file->f_path))
> + goto exit;
> +
> + err = inode_permission(inode, MAY_EXEC);
> + if (err)
> + goto exit;
> +
> + /*
> + * Forbid mm->exe_file change if old file still mapped.
> + */
> + exe_file = get_mm_exe_file(mm);
> + err = -EBUSY;
> + if (exe_file) {
> + struct vm_area_struct *vma;
> +
> + down_read(&mm->mmap_sem);
> + for (vma = mm->mmap; vma; vma = vma->vm_next) {
> + if (!vma->vm_file)
> + continue;
> + if (path_equal(&vma->vm_file->f_path,
> + &exe_file->f_path))
> + goto exit_err;
> + }
> +
> + up_read(&mm->mmap_sem);
> + fput(exe_file);
> + }
> +
> + /*
> + * The symlink can be changed only once, just to disallow arbitrary
> + * transitions malicious software might bring in. This means one
> + * could make a snapshot over all processes running and monitor
> + * /proc/pid/exe changes to notice unusual activity if needed.
> + */
> + err = -EPERM;
> + if (test_and_set_bit(MMF_EXE_FILE_CHANGED, &mm->flags))
> + goto exit;
IIRC this snippet has been dropped in linux-next tree. Stas CC'ed.
The rest looks cool for me. Thanks!
Reviewed-by: Cyrill Gorcunov <gorcunov@xxxxxxxxxx>
--
To unsubscribe from this list: send the line "unsubscribe linux-api" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
