From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) by sourceware.org (Postfix) with ESMTPS id 851E13858C2C for ; Tue, 23 Nov 2021 16:50:59 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 851E13858C2C Received: from mimecast-mx01.redhat.com (mimecast-mx01.redhat.com [209.132.183.4]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-175-dNLtBXIaOmGt1a_Mehqttw-1; Tue, 23 Nov 2021 11:50:54 -0500 X-MC-Unique: dNLtBXIaOmGt1a_Mehqttw-1 Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx01.redhat.com (Postfix) with ESMTPS id 7D27A87D559; Tue, 23 Nov 2021 16:50:53 +0000 (UTC) Received: from oldenburg.str.redhat.com (unknown [10.39.192.29]) by smtp.corp.redhat.com (Postfix) with ESMTPS id CC7D09329; Tue, 23 Nov 2021 16:50:51 +0000 (UTC) From: Florian Weimer To: Adhemerval Zanella Cc: jma14 , John Mellor-Crummey , libc-alpha@sourceware.org, "Mark W. Krentel" , Xiaozhu Meng Subject: Re: Fwd: [PATCH v5 00/22] Some rtld-audit fixes References: <20211122114629.Horde._rW0tgxbf_wCwsiLyKcms3g@webmail.rice.edu> <87tug3rmv7.fsf@oldenburg.str.redhat.com> Date: Tue, 23 Nov 2021 17:50:49 +0100 In-Reply-To: (Adhemerval Zanella's message of "Tue, 23 Nov 2021 13:25:43 -0300") Message-ID: <87sfvmrf2u.fsf@oldenburg.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.2 (gnu/linux) MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Type: text/plain X-Spam-Status: No, score=-6.6 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, RCVD_IN_DNSWL_LOW, RCVD_IN_MSPIKE_H4, RCVD_IN_MSPIKE_WL, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 23 Nov 2021 16:51:01 -0000 * Adhemerval Zanella: > On 23/11/2021 11:02, Florian Weimer wrote: >> * Adhemerval Zanella: >> >>> In fact I think rather than using the argv[0], since it passing the >>> executable path is just a convention; I think it would be better to >>> use AT_EXECFN. On recent kernel it is always passed to userland and >>> kernel should be responsible to hide any filesystem information if it >>> is required. >> >> It's still a relative path to an unknown directory, I think. I expect >> (but have not checked) that it is the pathname argument to execveat, >> which may not be meaningful to the new process image. > > Yes, but it better than _dl_argv[0] and/or an empty string. Without > proper kernel support we can not reliable get the path, in fact the > kernel might in fact hides it on purpose. I'm worried that if we put a path-looking string there, programmers will assume it is THE path to the executable. With SUID programs, that looks like a recipe for security vulnerabilities. These users need to use /proc/self/exe and give up if that's not available. Thanks, Florian