On Tue, Jul 14, 2020 at 08:29:36AM -0500, Eric W. Biederman wrote:
>
> Currently it is necessary for the usermode helper code and the code
> that launches init to use set_fs so that pages coming from the kernel
> look like they are coming from userspace.
>
> To allow that usage of set_fs to be removed cleanly the argument
> copying from userspace needs to happen earlier. Move the computation
> of bprm->filename and possible allocation of a name in the case
> of execveat into alloc_bprm to make that possible.
>
> The executable name, the arguments, and the environment are
> copied into the new usermode stack which is stored in bprm
> until exec passes the point of no return.
>
> As the executable name is copied first onto the usermode stack
> it needs to be known. As there are no dependencies to computing
> the executable name, compute it early in alloc_bprm.
>
> As an implementation detail if the filename needs to be generated
> because it embeds a file descriptor store that filename in a new field
> bprm->fdpath, and free it in free_bprm. Previously this was done in
> an independent variable pathbuf. I have renamed pathbuf to fdpath
> because fdpath is more suggestive of what kind of path is in the
> variable. I moved fdpath into struct linux_binprm because it is
> tightly tied to the other variables in struct linux_binprm, and as
> such is needed to allow the call alloc_binprm to move.
>
> Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>

Reviewed-by: Kees Cook <keescook@xxxxxxxxxxxx>

-- 
Kees Cook
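The three naming cases the commit message is about (a name usable as-is, a bare fd from execveat with AT_EMPTY_PATH, and a relative name resolved against a directory fd), as an added userspace model that is not the kernel's fs/exec.c and not part of this thread. It assumes the "/dev/fd/N" and "/dev/fd/N/name" forms documented in execveat(2); `struct model_bprm`, `model_alloc_bprm`, `model_free_bprm`, `model_check` and `MODEL_AT_FDCWD` are hypothetical stand-ins for the linux_binprm fields and functions named above, chosen only to show when `fdpath` owns an allocation and when `filename` merely aliases the caller's string.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical userspace model, not kernel code.  MODEL_AT_FDCWD mirrors
 * AT_FDCWD (-100); the "/dev/fd/%d" and "/dev/fd/%d/%s" forms are the ones
 * execveat(2) documents for fd-based execution. */
#define MODEL_AT_FDCWD (-100)

struct model_bprm {
    const char *filename; /* the name the rest of exec works with */
    char *fdpath;         /* owned buffer, non-NULL only when a name was generated */
};

/* Stand-in for the part of alloc_bprm that picks bprm->filename.
 * Returns 0 on success, -1 if the generated name could not be allocated. */
static int model_alloc_bprm(struct model_bprm *bprm, int fd, const char *name)
{
    int n;

    bprm->fdpath = NULL;
    if (fd == MODEL_AT_FDCWD || name[0] == '/') {
        /* caller-supplied name needs no help: alias it, nothing to free */
        bprm->filename = name;
        return 0;
    }
    if (name[0] == '\0') {
        /* execveat(fd, "", ..., AT_EMPTY_PATH): the fd itself is the binary */
        n = snprintf(NULL, 0, "/dev/fd/%d", fd);
        bprm->fdpath = malloc((size_t)n + 1);
        if (!bprm->fdpath)
            return -1;
        snprintf(bprm->fdpath, (size_t)n + 1, "/dev/fd/%d", fd);
    } else {
        /* relative name interpreted against the directory fd */
        n = snprintf(NULL, 0, "/dev/fd/%d/%s", fd, name);
        bprm->fdpath = malloc((size_t)n + 1);
        if (!bprm->fdpath)
            return -1;
        snprintf(bprm->fdpath, (size_t)n + 1, "/dev/fd/%d/%s", fd, name);
    }
    bprm->filename = bprm->fdpath;
    return 0;
}

/* Stand-in for free_bprm: only the generated name is owned by the struct. */
static void model_free_bprm(struct model_bprm *bprm)
{
    free(bprm->fdpath);
    bprm->fdpath = NULL;
    bprm->filename = NULL;
}

/* Returns 1 if (fd, name) yields the expected filename and the expected
 * ownership (generated != 0 means fdpath was allocated), else 0. */
static int model_check(int fd, const char *name, const char *expect, int expect_generated)
{
    struct model_bprm bprm;
    int ok;

    if (model_alloc_bprm(&bprm, fd, name) < 0)
        return 0;
    ok = strcmp(bprm.filename, expect) == 0 &&
         (bprm.fdpath != NULL) == (expect_generated != 0);
    model_free_bprm(&bprm);
    return ok;
}

int main(void)
{
    /* constructed inputs: cwd-relative, fd-only, fd-relative, absolute with fd */
    printf("cwd-relative ok=%d\n", model_check(MODEL_AT_FDCWD, "bin/sh", "bin/sh", 0));
    printf("fd-only      ok=%d\n", model_check(3, "", "/dev/fd/3", 1));
    printf("fd-relative  ok=%d\n", model_check(3, "bin/sh", "/dev/fd/3/bin/sh", 1));
    printf("absolute     ok=%d\n", model_check(5, "/usr/bin/env", "/usr/bin/env", 0));
    return 0;
}
```

The point the model makes explicit is the ownership rule the commit message describes: `filename` is either an alias of the caller's string or a pointer into `fdpath`, and only `fdpath` is freed, so computing the name early in allocation and releasing it in the matching free keeps the two in step.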