[PATCH v2 7/8] exec: Generic execfd support

Eric W. Biederman ebiederm at xmission.com
Fri May 22 13:35:06 UTC 2020

Rob Landley <rob at landley.net> writes:

> On 5/21/20 10:28 PM, Eric W. Biederman wrote:
>> Rob Landley <rob at landley.net> writes:
>>> On 5/20/20 11:05 AM, Eric W. Biederman wrote:
>>>> The file descriptor is stored in mm->exe_file.
>>>> Probably the most straight forward implementation is to allow
>>>> execveat(AT_EXE_FILE, ...).
>>> Cool, that works.
>>>> You can look at binfmt_misc for how to reopen an open file descriptor.
>>> Added to the todo heap.
>> Yes I don't think it would be a lot of code.
>> I think you might be better served with clone(CLONE_VM) as it doesn't
>> block so you don't need to feed yourself your context over a pipe.
> Except that doesn't fix it.
> Yes I could use threads instead, but the cure is worse than the disease and the
> result is your shell background processes are threads rather than independent
> processes (is $$ reporting PID or TID, I really don't want to go
> there).

I was just suggesting clone(CLONE_VM) because it creates a thread in a
separate process.  Which on nommu sounds like it could be almost exactly
what you want.

If you need the separate copies of all of your global variables etc,
re-exec'ing your self could be the easier way to go.


More information about the Linux-security-module-archive mailing list