Date: Thu, 10 Aug 2023 13:24:55 -0700
From: Kees Cook
To: Pali Rohár
Cc: Kees Cook, Eric Biederman, linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: binfmt_misc & different PE binaries
Message-ID: <202308101323.F17474FEB6@keescook>
In-Reply-To: <20230807170852.yefmkcqwum6gdao6@pali>

On Mon, Aug 07, 2023 at 07:08:52PM +0200, Pali Rohár wrote:
> On Monday 07 August 2023 07:45:08 Kees Cook wrote:
> > On August 6, 2023 9:23:46 AM PDT, "Pali Rohár" wrote:
> > >Hello, I would like to remind this email about binfmt_misc for PE.
> > >
> > >On Thursday 06 July 2023 13:55:50 Pali Rohár wrote:
> > >> Hello,
> > >>
> > >> I would like to ask how to properly register binfmt_misc for different
> > >> PE binaries, so kernel could execute the correct loader for them.
> > >>
> > >> I mean, how to register support for Win32 (console/gui) PE binaries and
> > >> also for CLR PE binaries (dotnet). Win32 needs to be executed under wine
> > >> and CLR ideally under dotnet core (or mono).
> > >>
> > >> I have read kernel documentation files admin-guide/binfmt-misc.rst
> > >> and admin-guide/mono.rst. But seems that they are in conflicts as both
> > >> wants to registers its own handler for the same magic:
> > >>
> > >>   echo ':DOSWin:M::MZ::/usr/local/bin/wine:' > register
> > >>
> > >>   echo ':CLR:M::MZ::/usr/bin/mono:' > /proc/sys/fs/binfmt_misc/register
> > >>
> > >> Not mentioning the fact that they register DOS MZ handler, which matches
> > >> not only all PE binaries (including EFI, libraries, other processors),
> > >> but also all kind of other NE/LE/LX binaries and different DOS extenders.
> > >>
> > >> From documentation it looks like that even registering PE binaries is
> > >> impossible by binfmt_misc as PE is detected by checking that indirect
> > >> reference from 0x3C is PE\0\0. And distinguish between Win32 and CLR
> > >> needs to parse PE COM descriptor directory.
> > >>
> > >> Or it is possible to write binfmt_misc pattern match based on indirect
> > >> offset?
> >
> > Normally a single userspace program will be registered and it can do whatever it needs to do to further distinguish the binary and hand it off to the appropriate loader.
>
> Ok, so you are saying that there should be one userspace program which
> distinguish between DOS, CLR and Win32 and then exec the correct
> "runtime" loader? Is there such one? Also it would be nice to mention it
> in the documentation.

I've not spent much time with it, but I think Wine can be set up to do this?
Anyway, I'm happy to apply Documentation patches, if you want to send changes that would make things more clear. :)

-Kees

-- 
Kees Cook
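
The single-dispatcher approach discussed in this thread, as an added example that is not part of the original message and not code from Wine, Mono or the kernel: one program registered for the `MZ` magic follows the indirect offset at 0x3C, checks for `PE\0\0`, inspects the subsystem and the COM descriptor directory, and execs the matching loader. The function names `classify` and `sample` are hypothetical, the loader paths are the ones quoted in the thread, and the header offsets are those of the PE/COFF format.

```python
import os
import struct
import sys

# Loader paths as quoted in the thread; adjust for the local system.
LOADERS = {"win32": "/usr/local/bin/wine", "clr": "/usr/bin/mono"}

def classify(data: bytes) -> str:
    """Return 'clr', 'win32', 'pe-other', 'mz-other' or 'not-mz'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not-mz"
    pe = struct.unpack_from("<I", data, 0x3C)[0]      # e_lfanew, the indirect offset
    if pe + 24 > len(data) or data[pe:pe + 4] != b"PE\0\0":
        return "mz-other"                             # DOS, NE/LE/LX, DOS extenders
    opt_size, flags = struct.unpack_from("<HH", data, pe + 20)
    opt = pe + 24                                     # signature + COFF header
    if opt_size < 72 or opt + opt_size > len(data) or flags & 0x2000:
        return "pe-other"                             # truncated header or DLL
    magic, subsystem = (struct.unpack_from("<H", data, opt + o)[0] for o in (0, 68))
    dirs = {0x10B: 96, 0x20B: 112}.get(magic)         # PE32 / PE32+ data directories
    if dirs is None or subsystem not in (2, 3):       # Windows GUI / console only
        return "pe-other"                             # EFI, native, unknown magic
    if opt_size >= dirs + 15 * 8:
        count = struct.unpack_from("<I", data, opt + dirs - 4)[0]
        rva, size = struct.unpack_from("<II", data, opt + dirs + 14 * 8)
        if count > 14 and rva and size:               # entry 14: COM descriptor (CLR)
            return "clr"
    return "win32"

def sample(subsystem: int, clr: bool, magic: int = 0x10B) -> bytes:
    """Constructed header-only image for testing; not a real executable."""
    dirs = 96 if magic == 0x10B else 112
    opt = bytearray(dirs + 16 * 8)
    struct.pack_into("<H", opt, 0, magic)
    struct.pack_into("<H", opt, 68, subsystem)
    struct.pack_into("<I", opt, dirs - 4, 16)         # NumberOfRvaAndSizes
    if clr:
        struct.pack_into("<II", opt, dirs + 14 * 8, 0x2000, 72)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, len(opt), 0x0002)
    return b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40) + b"PE\0\0" + coff + bytes(opt)

if __name__ == "__main__" and len(sys.argv) > 1:
    with open(sys.argv[1], "rb") as f:
        kind = classify(f.read())
    if kind not in LOADERS:
        sys.exit(f"{sys.argv[1]}: no loader registered for {kind} image")
    os.execv(LOADERS[kind], [LOADERS[kind]] + sys.argv[1:])
```

Registered as the only `MZ` handler, such a dispatcher refuses EFI images, DLLs and non-PE `MZ` files instead of passing them to a loader that was never meant to run them.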