• Eric W. Biederman's avatar
    exec: Generic execfd support · b8a61c9e
    Eric W. Biederman authored
    Most of the support for passing the file descriptor of an executable
    to an interpreter already lives in the generic code and in binfmt_elf.
    Rework the fields in binfmt_elf that deal with executable file
    descriptor passing to make executable file descriptor passing a first
    class concept.
    
    Move the fd_install from binfmt_misc into begin_new_exec after the new
    creds have been installed.  This means that accessing the file through
    /proc/<pid>/fd/N is able to see the creds for the new executable
    before allowing access to the new executables files.
    
    Performing the install of the executables file descriptor after
    the point of no return also means that nothing special needs to
    be done on error.  The exiting of the process will close all
    of it's open files.
    
    Move the would_dump from binfmt_misc into begin_new_exec right
    after would_dump is called on the bprm->file.  This makes it
    obvious this case exists and that no nesting of bprm->file is
    currently supported.
    
    In binfmt_misc the movement of fd_install into generic code means
    that it's special error exit path is no longer needed.
    
    Link: https://lkml.kernel.org/r/87y2poyd91.fsf_-_@x220.int.ebiederm.orgAcked-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    Reviewed-by: default avatarKees Cook <keescook@chromium.org>
    Signed-off-by: default avatar"Eric W. Biederman" <ebiederm@xmission.com>
    b8a61c9e
exec.c 48.8 KB