[PATCH 7/7] exec: Implement kernel_execve
David Laight
David.Laight at ACULAB.COM
Wed Jul 15 14:55:50 UTC 2020
From: Christoph Hellwig
> Sent: 15 July 2020 07:43
> Subject: Re: [PATCH 7/7] exec: Implement kernel_execve
>
> On Tue, Jul 14, 2020 at 02:49:23PM -0700, Kees Cook wrote:
> > On Tue, Jul 14, 2020 at 08:31:40AM -0500, Eric W. Biederman wrote:
> > > +static int count_strings_kernel(const char *const *argv)
> > > +{
> > > + int i;
> > > +
> > > + if (!argv)
> > > + return 0;
> > > +
> > > + for (i = 0; argv[i]; ++i) {
> > > + if (i >= MAX_ARG_STRINGS)
> > > + return -E2BIG;
> > > + if (fatal_signal_pending(current))
> > > + return -ERESTARTNOHAND;
> > > + cond_resched();
> > > + }
> > > + return i;
> > > +}
> >
> > I notice count() is only ever called with MAX_ARG_STRINGS. Perhaps
> > refactor that too? (And maybe rename it to count_strings_user()?)
Thinks....
If you setup env[] and argv[] on the new user stack early in exec processing
then you may not need any limits at all - except the size of the user stack.
Even the get_user() loop will hit an invalid address before the counter
wraps (provided it is unsigned long).
David
-
Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK
Registration No: 1397386 (Wales)
More information about the Linux-security-module-archive
mailing list