Re: [PATCH v3 1/2] exec: add PR_HIDE_SELF_EXE prctl

From: Colin Walters
Date: Mon Jan 30 2023 - 16:53:31 EST

Next message: David Howells: "Re: [GIT PULL] iov_iter: Improve page extraction (pin or just list)"
Previous message: Wesley Cheng: "Re: [RFC PATCH v2 08/22] ASoC: dt-bindings: Add USB_RX port"
In reply to: Christian Brauner: "Re: [PATCH v3 1/2] exec: add PR_HIDE_SELF_EXE prctl"
Next in thread: Giuseppe Scrivano: "Re: [PATCH v3 1/2] exec: add PR_HIDE_SELF_EXE prctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Jan 30, 2023, at 5:06 AM, Christian Brauner wrote:

> The good thing is that - even if it will take a longer - that Aleksa's
> patchset will provide a more general solution by making it possible for
> runc/crun/lxc to open the target binary with a restricted upgrade mask
> making it impossible to open the binary read-write again. This won't
> break criu and will fix this issue and is generally useful.

Had to go back up thread more carefully; looking at the referenced commits now in
https://github.com/cyphar/linux/commits/magiclink/open_how-reopen
I do agree that that direction is the most elegant. The main downside I can think of is the potential blast radius is larger, and more nontrivial code.

But...in practice I guess today for the runc/crun type attacks today there are commonly multiple mitigations (e.g. read-only rootfs, multiple LSMs, and finally the memfd copy fallback) so we can probably wait for that patchset to land.

In short: agreed!

Next message: David Howells: "Re: [GIT PULL] iov_iter: Improve page extraction (pin or just list)"
Previous message: Wesley Cheng: "Re: [RFC PATCH v2 08/22] ASoC: dt-bindings: Add USB_RX port"
In reply to: Christian Brauner: "Re: [PATCH v3 1/2] exec: add PR_HIDE_SELF_EXE prctl"
Next in thread: Giuseppe Scrivano: "Re: [PATCH v3 1/2] exec: add PR_HIDE_SELF_EXE prctl"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]