linux/include
Stanislav Kinsburskiy 3fb4afd9a5 prctl: remove one-shot limitation for changing exe link
This limitation came with the reason to remove "another way for
malicious code to obscure a compromised program and masquerade as a
benign process" by allowing "security-concious program can use this
prctl once during its early initialization to ensure the prctl cannot
later be abused for this purpose":

    http://marc.info/?l=linux-kernel&m=133160684517468&w=2

This explanation doesn't look sufficient.  The only thing "exe" link is
indicating is the file, used to execve, which is basically nothing and
not reliable immediately after process has returned from execve system
call.

Moreover, to use this feture, all the mappings to previous exe file have
to be unmapped and all the new exe file permissions must be satisfied.

Which means, that changing exe link is very similar to calling execve on
the binary.

The need to remove this limitations comes from migration of NFS mount
point, which is not accessible during restore and replaced by other file
system.  Because of this exe link has to be changed twice.

[akpm@linux-foundation.org: fix up comment]
Link: http://lkml.kernel.org/r/20160927153755.9337.69650.stgit@localhost.localdomain
Signed-off-by: Stanislav Kinsburskiy <skinsbursky@virtuozzo.com>
Acked-by: Oleg Nesterov <oleg@redhat.com>
Acked-by: Cyrill Gorcunov <gorcunov@openvz.org>
Cc: Peter Zijlstra <peterz@infradead.org>
Cc: Ingo Molnar <mingo@redhat.com>
Cc: Michal Hocko <mhocko@suse.com>
Cc: Kees Cook <keescook@chromium.org>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: John Stultz <john.stultz@linaro.org>
Cc: Matt Helsley <matthltc@us.ibm.com>
Cc: Pavel Emelyanov <xemul@virtuozzo.com>
Cc: Vlastimil Babka <vbabka@suse.cz>
Cc: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2016-12-12 18:55:06 -08:00
..
acpi Merge branches 'acpica-fixes', 'acpi-cppc-fixes' and 'acpi-tools-fixes' 2016-11-18 21:34:42 +01:00
asm-generic Merge branch 'sched-core-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-12 12:15:10 -08:00
clocksource
crypto crypto: drbg - prevent invalid SG mappings 2016-11-30 19:46:44 +08:00
drm drm: Don't force all planes to be added to the state due to zpos 2016-10-26 18:48:05 +02:00
dt-bindings dt-bindings: net: add EEE capability constants 2016-11-29 19:38:31 -05:00
keys
kvm
linux prctl: remove one-shot limitation for changing exe link 2016-12-12 18:55:06 -08:00
math-emu
media
memory
misc
net Three fixes: 2016-12-09 22:59:05 -05:00
pcmcia
ras
rdma Merge of primary rdma-core code for 4.9 2016-10-09 17:04:33 -07:00
rxrpc
scsi
soc powerpc updates for 4.9 #2 2016-10-14 11:07:42 -07:00
sound
target target: Make EXTENDED_COPY 0xe4 failure return COPY TARGET DEVICE NOT REACHABLE 2016-10-19 21:22:32 -07:00
trace Merge branch 'core-rcu-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip 2016-12-12 09:09:54 -08:00
uapi net: l2tp: deprecate PPPOL2TP_MSG_* in favour of L2TP_MSG_* 2016-12-10 23:29:11 -05:00
video fbdev changes for 4.9 2016-10-12 11:01:37 -07:00
xen
Kbuild