From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17]) by smtp.lore.kernel.org (Postfix) with ESMTP id BD835CD4F52 for ; Wed, 25 Sep 2024 13:13:12 +0000 (UTC) Received: by kanga.kvack.org (Postfix) id 432096B00A8; Wed, 25 Sep 2024 09:13:12 -0400 (EDT) Received: by kanga.kvack.org (Postfix, from userid 40) id 3BB116B00A9; Wed, 25 Sep 2024 09:13:12 -0400 (EDT) X-Delivered-To: int-list-linux-mm@kvack.org Received: by kanga.kvack.org (Postfix, from userid 63042) id 236006B00AA; Wed, 25 Sep 2024 09:13:12 -0400 (EDT) X-Delivered-To: linux-mm@kvack.org Received: from relay.hostedemail.com (smtprelay0013.hostedemail.com [216.40.44.13]) by kanga.kvack.org (Postfix) with ESMTP id F1CD86B00A8 for ; Wed, 25 Sep 2024 09:13:11 -0400 (EDT) Received: from smtpin01.hostedemail.com (a10.router.float.18 [10.200.18.1]) by unirelay03.hostedemail.com (Postfix) with ESMTP id 9FB5EA0E1E for ; Wed, 25 Sep 2024 13:13:11 +0000 (UTC) X-FDA: 82603301382.01.02F5B7A Received: from out02.mta.xmission.com (out02.mta.xmission.com [166.70.13.232]) by imf19.hostedemail.com (Postfix) with ESMTP id 2FC9B1A000D for ; Wed, 25 Sep 2024 13:13:07 +0000 (UTC) Authentication-Results: imf19.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=xmission.com; spf=pass (imf19.hostedemail.com: domain of ebiederm@xmission.com designates 166.70.13.232 as permitted sender) smtp.mailfrom=ebiederm@xmission.com ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727269900; a=rsa-sha256; cv=none; b=fuPD1jogCGkhrG5rIvghtqz+zNEFJatX9MHZsvtDyyIOCnoTDG0mJzyCbHtHzNFAaGZRrO JqjsVd0E8uB1bGhdxta7RjAuYDDQoUNjShgnfNJMENnDZDbbIrdDIErv54u1Lhk/3MBN4l xQpyum0CBe/QJ+k1nNIXU/dSFc0KrhE= ARC-Authentication-Results: i=1; imf19.hostedemail.com; dkim=none; dmarc=pass (policy=none) header.from=xmission.com; spf=pass (imf19.hostedemail.com: domain of ebiederm@xmission.com designates 166.70.13.232 as permitted sender) smtp.mailfrom=ebiederm@xmission.com ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com; s=arc-20220608; t=1727269900; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=wYLwWN7085LegV86syEBY0op6j0cbJiqWTJlYTNtqB8=; b=W/SoNk3gmbqCazAsHa1B/iXhsBxyOPWOcrrnxlLM/CHQyoIvbfSHNU3UH8mF3eJ5TOTtgd /K0cI7ObXzpAo8UfvMsGL9AtXlP4OCyWNVgMhz9BsBM6Ic7LJCU1kSjKBZLHDaE0fWlGaG G0C+fVVPMMOL7W1IXeieOatueS88fg4= Received: from in02.mta.xmission.com ([166.70.13.52]:51622) by out02.mta.xmission.com with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1stRpJ-006czo-NF; Wed, 25 Sep 2024 07:13:05 -0600 Received: from ip68-227-165-127.om.om.cox.net ([68.227.165.127]:42346 helo=email.froward.int.ebiederm.org.xmission.com) by in02.mta.xmission.com with esmtpsa (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.93) (envelope-from ) id 1stRpI-007JzX-O3; Wed, 25 Sep 2024 07:13:05 -0600 From: "Eric W. Biederman" To: Tycho Andersen Cc: Kees Cook , Alexander Viro , Christian Brauner , Jan Kara , Jeff Layton , Chuck Lever , Alexander Aring , linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, linux-kernel@vger.kernel.org, Tycho Andersen , Zbigniew =?utf-8?Q?J=C4=99drzejewski-Szmek?= , Aleksa Sarai References: <20240924141001.116584-1-tycho@tycho.pizza> <87msjx9ciw.fsf@email.froward.int.ebiederm.org> <8D545969-2EFA-419A-B988-74AD0C26020C@kernel.org> Date: Wed, 25 Sep 2024 08:12:29 -0500 In-Reply-To: (Tycho Andersen's message of "Tue, 24 Sep 2024 16:59:33 -0600") Message-ID: <87cykrancy.fsf@email.froward.int.ebiederm.org> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-XM-SPF: eid=1stRpI-007JzX-O3;;;mid=<87cykrancy.fsf@email.froward.int.ebiederm.org>;;;hst=in02.mta.xmission.com;;;ip=68.227.165.127;;;frm=ebiederm@xmission.com;;;spf=pass X-XM-AID: U2FsdGVkX1/yeLOS1QR7U73+X4NTDuprnZz0rCrRSGw= Subject: Re: [RFC] exec: add a flag for "reasonable" execveat() comm X-SA-Exim-Connect-IP: 166.70.13.52 X-SA-Exim-Rcpt-To: cyphar@cyphar.com, zbyszek@in.waw.pl, tandersen@netflix.com, linux-kernel@vger.kernel.org, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, alex.aring@gmail.com, chuck.lever@oracle.com, jlayton@kernel.org, jack@suse.cz, brauner@kernel.org, viro@zeniv.linux.org.uk, kees@kernel.org, tycho@tycho.pizza X-SA-Exim-Mail-From: ebiederm@xmission.com X-SA-Exim-Scanned: No (on out02.mta.xmission.com); SAEximRunCond expanded to false X-Rspamd-Queue-Id: 2FC9B1A000D X-Rspam-User: X-Rspamd-Server: rspam05 X-Stat-Signature: b5th5hdr1rriuyxczu14wide71ksacsp X-HE-Tag: 1727269987-398438 X-HE-Meta: U2FsdGVkX1+cbUI3HKbnt5XiRgC6FAe4mBYXuSmKwqJIh5wOJe3Jukip3HOyrne3/r31aIvpZkvxTO0eq3n1DaS2950eG16h3V8O/zTfIW21he6JogqddqVYPdQd8GyyqgPBmSaN5BuKUJRLwpZfr1TjkArhFwhWzE13VkmhFWY9c7REmOwmw8FIz/DvTfib6b7PpeorH5uAxSxxIRTQtH1rSer4X0B0sZpPyZbQMobAkN2VyXhGKnih8k3addSgo5mWJdQQBxONUSCiu4NKk8+e4g3tybY6laUSy5Pg7hhcQkhPgVmKDArZSSmnEoRkxSKGjzZAMcNd5vkYvP9lhV2mZeMZ2ZPTe5PjmYmxwli0zkro8zcWd+bO3XRL00gt5IISTsJ3GDZJa/Dqtyky1XwaFH8gpTDz/t4J41hDgvn41yCtJPoE8maR/G3eFJB4dsr6wD79HiQsdTQoFIrSyOyguMN7ZLlmlimg7W4CnyL9mL0ke00OjUULjowFVcRZRHXHA9l/s4tOEgMBnvblF+KHZH3t5SmXoxyq8aodZOk/oXMV/g3CHIw0GRPSCh52qwzcs5Jbu5u7EAjl5VkW2Y8g564mNNXHcfB5kDbQkM1gKZmc3L5p8/dS8vHjBDN7jZNm+a5H7EI3ciyC2yv4hqRf97dEoDxnL8G3ShiON5sulnnqi6/isCkye0hU8jeViAdKS4ytmQstW2uQ1dSLMrx+VoBuTeKNhCugQtG6pyACub4Wuab1p3FgW7k5CJ/otkff96rBnaiTa2nYoJI4uU6XquKgSRuymtMlvfsaO+q8CnVG+IhaqvDm8cdlkoqt500V+QxOp8znh+5BoJwGXX3wWzYzNzqtqbdkMe/TLFMT78/LgW3H/WxaFDsJAuuNMBfwMnAoPwXcS6p5IHGmjcTL/W7xDDUKYK86MT0zXiR3ATkFIVhFE2JZxwk7WUq+JiKjCCg2p6YF/VnVn8x NsqOqeGZ IZMD7NSRHfu3SQjaXZaKtSgPaNudCTc5cBF/xgBblYKPv/GeOju8317RrJAB1OWkCWyQWIBZISEin2eLvyFs0mIfj6A== X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: List-Subscribe: List-Unsubscribe: Tycho Andersen writes: > Yeah, on second thought we could do something like: > > diff --git a/fs/exec.c b/fs/exec.c > index 36434feddb7b..a45ea270cc43 100644 > --- a/fs/exec.c > +++ b/fs/exec.c > @@ -1416,7 +1416,10 @@ int begin_new_exec(struct linux_binprm * bprm) > set_dumpable(current->mm, SUID_DUMP_USER); > > perf_event_exec(); > - __set_task_comm(me, kbasename(bprm->filename), true); > + if (needs_comm_fixup) > + __set_task_comm(me, argv0, true); ^^^^^ nit: make that kbasename(argv0) The typical case is for applications to use the filename as argv0, at which point the directories in the pathname are just noise. With only 16 characters in TASK_COMM we want to keep the noise down. Eric