Date: Mon, 07 Aug 2023 07:45:08 -0700
From: Kees Cook
To: Pali Rohár, Eric Biederman, Kees Cook
CC: linux-mm@kvack.org, linux-kernel@vger.kernel.org
Subject: Re: binfmt_misc & different PE binaries
In-Reply-To: <20230806162346.v7gjoev2nepxlcox@pali>
References: <20230706115550.sqyh3k26e2glz2lu@pali> <20230806162346.v7gjoev2nepxlcox@pali>

On August 6, 2023 9:23:46 AM PDT, "Pali Rohár" wrote:
>Hello, I would like to remind this email about binfmt_misc for PE.
>
>On Thursday 06 July 2023 13:55:50 Pali Rohár wrote:
>> Hello,
>>
>> I would like to ask how to properly register binfmt_misc for different
>> PE binaries, so kernel could execute the correct loader for them.
>>
>> I mean, how to register support for Win32 (console/gui) PE binaries and
>> also for CLR PE binaries (dotnet). Win32 needs to be executed under wine
>> and CLR ideally under dotnet core (or mono).
>>
>> I have read kernel documentation files admin-guide/binfmt-misc.rst
>> and admin-guide/mono.rst. But it seems that they are in conflict, as both
>> want to register their own handler for the same magic:
>>
>> echo ':DOSWin:M::MZ::/usr/local/bin/wine:' > register
>>
>> echo ':CLR:M::MZ::/usr/bin/mono:' > /proc/sys/fs/binfmt_misc/register
>>
>> Not mentioning the fact that they register DOS MZ handler, which matches
>> not only all PE binaries (including EFI, libraries, other processors),
>> but also all kinds of other NE/LE/LX binaries and different DOS extenders.
>>
>> From documentation it looks like even registering PE binaries is
>> impossible by binfmt_misc, as PE is detected by checking that indirect
>> reference from 0x3C is PE\0\0. And to distinguish between Win32 and CLR
>> one needs to parse PE COM descriptor directory.
>>
>> Or is it possible to write binfmt_misc pattern match based on indirect
>> offset?

Normally a single userspace program will be registered and it can do whatever it needs to do to further distinguish the binary and hand it off to the appropriate loader.

-- 
Kees Cook
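
Added example (not from the thread or the kernel documentation): one way to write the single registered userspace program described in the reply, in C. It follows the checks listed in the question (the offset at 0x3C, the PE\0\0 signature, the CLR data-directory entry) and execs the wine or mono path quoted there; classify_pe(), its return codes and the 4096-byte header read are assumptions of this sketch.

```c
/* Added example: binfmt_misc dispatcher sketch. classify_pe(), its return
 * codes and the 4096-byte header read are assumptions, not kernel code. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

enum { NOT_PE = 0, PE_NATIVE = 1, PE_CLR = 2 };
static uint32_t le32(const unsigned char *p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Classify from the first `len` bytes of the file; every offset is
 * bounds-checked because the header is untrusted input. */
int classify_pe(const unsigned char *buf, size_t len) {
    if (len < 0x40 || buf[0] != 'M' || buf[1] != 'Z')
        return NOT_PE;
    size_t pe = le32(buf + 0x3C);               /* e_lfanew: indirect offset */
    if (pe > len || len - pe < 4 + 20 + 2 || memcmp(buf + pe, "PE\0\0", 4))
        return NOT_PE;
    size_t opt = pe + 4 + 20;                   /* skip signature + COFF header */
    unsigned magic = buf[opt] | (buf[opt + 1] << 8);
    size_t dirs;                                /* data directories, from opt */
    if (magic == 0x10b) dirs = 96;              /* PE32 */
    else if (magic == 0x20b) dirs = 112;        /* PE32+ */
    else return NOT_PE;
    size_t clr = opt + dirs + 14 * 8;           /* entry 14: CLR runtime header */
    if (len < clr + 8 || le32(buf + opt + dirs - 4) <= 14)
        return PE_NATIVE;                       /* entry 14 not present */
    return le32(buf + clr) != 0 ? PE_CLR : PE_NATIVE;
}

int main(int argc, char **argv) {
    unsigned char buf[4096];
    FILE *f = argc > 1 ? fopen(argv[1], "rb") : NULL;
    if (!f) return 2;
    size_t n = fread(buf, 1, sizeof buf, f);
    fclose(f);
    const char *loader;
    switch (classify_pe(buf, n)) {
    case PE_CLR:    loader = "/usr/bin/mono"; break;
    case PE_NATIVE: loader = "/usr/local/bin/wine"; break;
    default:        fprintf(stderr, "%s: not a PE image\n", argv[1]); return 126;
    }
    argv[0] = (char *)loader;                   /* keep file path and arguments */
    execv(loader, argv);
    perror(loader);
    return 127;
}
```

Installed at a path of your choosing and registered once for the MZ magic, this replaces the two conflicting registrations; MZ files that are not PE (NE/LE/LX, DOS extenders) are rejected instead of being handed to a loader.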