On Fri, Jul 7, 2017 at 3:13 PM, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
>
> I wonder if we could collapse all the secureexec logic in
> setup_new_exec.

Probably.

Some of our insane calls back-and-forth between different layers are due to people abstracting things out and trying very hard to keep old (and bad) orderings without trying to really determine if they are the right thing to do.

We *have* occasionally collapsed things when it became obvious just how crazy things were, but not very often.

There's another thing that I _think_ should be cleaned up:

        install_exec_creds(bprm);

should also be moved into setup_new_exec().

It used to be at a different point in the load sequence, but we fixed all that up in the ELF loader, but we kept it in the *callers* because some of the old loaders have different sequences.

But it's quite likely that all the other loaders should be fixed to do what ELF does. I think they currently have the odd old semantics that they may load the binary using the old permissions, so a suid binary needs to be readable by non-root users (which is just stupid).

But it's nasty nasty work to go through and check what subtle things might change. Which is why nobody ever does it ;(

                Linus