On Fri, Aug 20, 2021 at 7:36 AM Eric W. Biederman <ebiederm@xxxxxxxxxxxx> wrote: > > I think this check is there to keep from changing /proc/self/exe > arbitrarily. Well, you pretty much can already. You just have to jump through a few hoops. > Maybe it is all completely silly and we should not care about the code > that thinks /proc/self/exe is a reliable measure of anything, but short > of that I think we should either keep the code or put in some careful > thought as to which restrictions make sense when changing > /proc/self/exe. I think the important ones are already there: checking that it is (a) an executable and (b) that we have execute permission to it. I also think the code is actually racy - while we are checking "did the old mm_exe file have any mappings", there's nothing that keeps another thread from changing the exe file to another one that _does_ have mappings, and then we'll happily replace it with yet another file because we checked the old one, not the new one it was replaced by in the meantime. Of course, that "race" doesn't really matter - exactly because this isn't about security, it's just a random "let's test that immaterial thing, and we don't actually care about corner cases". So I'm not saying that race needs to be fixed - I'm just pointing it out as an example of how nonsensical the test really is. It's not fundamental to anything, it's just a random "let's test this odd condition". That said, I don't care _that_ much. I'm happy with David's series, I just think that once we don't do this at a mmap level any more, the "go look for mappings" code makes little sense. So we can leave it, and remove it later if people agree. Linus