On Sat, Jul 30, 2016 at 12:31:40PM -0500, Eric W. Biederman wrote: ... > > It is necessary to look at the ordinary situation. Without > prctl_set_mm_exe /proc/[pid]/exe can be counted on as a record > of which executable was last passed to execve.
True. > Furthermore the state of a process can be counted on to be a state > reachable from calling execve on /proc/[pid]/exe. Absolutely not. The state is valid until kernel jumped back to userspace and give control to an interpretator. > Which means to preserve those expectations prctl_set_mm_exe_file should > in practice just be a nicer less cumbersome interface to things you can > already achieve with execve. > > Justifying removale of the one-short nature for prctl_set_mm_exe_file > is as straight forward as noting that a process can call execve on > any executable file. > > However when I compare the invariants that execve has on a file (such as > the executable being mmaped) I see some noticable disparities between > what prctl_set_mm_exe_file allows and what execve allows. With > prctl_set_mm_exe being less strict. > > So what I am requesting is very simple. That the checks in > prctl_set_mm_exe_file be tightened up to more closely approach what > execve requires. Thus preserving the value of the /proc/[pid]/exe for > the applications that want to use the exe link. > > Once the checks in prctl_set_mm_exe_file are tightened up please feel > free to remove the one shot test. Thanks a huge for the detailed explanation, but i don't agree here because assuming that state of a process reachable from calling execve on /proc/[pid]/exe is not always true.
