[PATCH v2 7/8] exec: Generic execfd support
Eric W. Biederman
ebiederm at xmission.com
Fri May 22 13:35:06 UTC 2020
Rob Landley <rob at landley.net> writes:
> On 5/21/20 10:28 PM, Eric W. Biederman wrote:
>>
>> Rob Landley <rob at landley.net> writes:
>>
>>> On 5/20/20 11:05 AM, Eric W. Biederman wrote:
>>
>>>> The file descriptor is stored in mm->exe_file.
>>>> Probably the most straight forward implementation is to allow
>>>> execveat(AT_EXE_FILE, ...).
>>>
>>> Cool, that works.
>>>
>>>> You can look at binfmt_misc for how to reopen an open file descriptor.
>>>
>>> Added to the todo heap.
>>
>> Yes I don't think it would be a lot of code.
>>
>> I think you might be better served with clone(CLONE_VM) as it doesn't
>> block so you don't need to feed yourself your context over a pipe.
>
> Except that doesn't fix it.
>
> Yes I could use threads instead, but the cure is worse than the disease and the
> result is your shell background processes are threads rather than independent
> processes (is $$ reporting PID or TID, I really don't want to go
> there).
I was just suggesting clone(CLONE_VM) because it creates a thread in a
separate process. Which on nommu sounds like it could be almost exactly
what you want.
If you need the separate copies of all of your global variables etc,
re-exec'ing your self could be the easier way to go.
Eric
More information about the Linux-security-module-archive
mailing list