From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <owner-linux-mm@kvack.org>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on
	aws-us-west-2-korg-lkml-1.web.codeaurora.org
Received: from kanga.kvack.org (kanga.kvack.org [205.233.56.17])
	by smtp.lore.kernel.org (Postfix) with ESMTP id 0EB8ACF6D2C
	for <linux-mm@archiver.kernel.org>; Wed,  2 Oct 2024 14:34:49 +0000 (UTC)
Received: by kanga.kvack.org (Postfix)
	id 764266B0183; Wed,  2 Oct 2024 10:34:48 -0400 (EDT)
Received: by kanga.kvack.org (Postfix, from userid 40)
	id 713C56B0260; Wed,  2 Oct 2024 10:34:48 -0400 (EDT)
X-Delivered-To: int-list-linux-mm@kvack.org
Received: by kanga.kvack.org (Postfix, from userid 63042)
	id 5DC426B0269; Wed,  2 Oct 2024 10:34:48 -0400 (EDT)
X-Delivered-To: linux-mm@kvack.org
Received: from relay.hostedemail.com (smtprelay0011.hostedemail.com [216.40.44.11])
	by kanga.kvack.org (Postfix) with ESMTP id 2FFEF6B0183
	for <linux-mm@kvack.org>; Wed,  2 Oct 2024 10:34:48 -0400 (EDT)
Received: from smtpin03.hostedemail.com (a10.router.float.18 [10.200.18.1])
	by unirelay07.hostedemail.com (Postfix) with ESMTP id 901D51607E0
	for <linux-mm@kvack.org>; Wed,  2 Oct 2024 14:34:47 +0000 (UTC)
X-FDA: 82628908614.03.F379466
Received: from kawka3.in.waw.pl (kawka3.in.waw.pl [68.183.222.220])
	by imf08.hostedemail.com (Postfix) with ESMTP id BA7B316000B
	for <linux-mm@kvack.org>; Wed,  2 Oct 2024 14:34:44 +0000 (UTC)
Authentication-Results: imf08.hostedemail.com;
	dkim=none;
	dmarc=none;
	spf=pass (imf08.hostedemail.com: domain of zbyszek@in.waw.pl designates 68.183.222.220 as permitted sender) smtp.mailfrom=zbyszek@in.waw.pl
ARC-Seal: i=1; s=arc-20220608; d=hostedemail.com; t=1727879645; a=rsa-sha256;
	cv=none;
	b=tRddl8ITCS7BssHPJhlj1AhvcIQtJVyqGvvMRgjdZ3BRQnas++zYAT8uBoCVlVkXIuKGyx
	CJbZAtZ6eFHVRXY/VWljCCRJORR0NDgpjNonEX9lCPgj9laUVCcgpyPbwkW4H2OD2vQ5AW
	s1FeipAjCT5pJwYuY17AYyvmcNazRB8=
ARC-Authentication-Results: i=1;
	imf08.hostedemail.com;
	dkim=none;
	dmarc=none;
	spf=pass (imf08.hostedemail.com: domain of zbyszek@in.waw.pl designates 68.183.222.220 as permitted sender) smtp.mailfrom=zbyszek@in.waw.pl
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=hostedemail.com;
	s=arc-20220608; t=1727879645;
	h=from:from:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=L7sBsvjLiUZghanh+Y6m8k4XeiCaK/fEdLuRz4Z2dxY=;
	b=zKlzxE1lzJkwyStdOHuBM2/UOP2cA/Q5xxWsURVn82fgl+lpGzGSEAqJHAEKCUVLjt/Q8H
	Cu0M7dpCpyiMykmlCnAUiJQTp0pwvTSsJ/83jHJ6CH+/o17eg8wGl9TZJk60Eqx0CAsP8U
	b5hes+vsGipNCAPPFsTcorWbwUWPSXE=
Received: by kawka3.in.waw.pl (Postfix, from userid 1000)
	id 1FF5E550DB2; Wed,  2 Oct 2024 14:34:43 +0000 (UTC)
Date: Wed, 2 Oct 2024 14:34:43 +0000
From: Zbigniew =?utf-8?Q?J=C4=99drzejewski-Szmek?= <zbyszek@in.waw.pl>
To: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Tycho Andersen <tycho@tycho.pizza>,
	Alexander Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
	Kees Cook <kees@kernel.org>, Jeff Layton <jlayton@kernel.org>,
	Chuck Lever <chuck.lever@oracle.com>,
	Alexander Aring <alex.aring@gmail.com>,
	linux-fsdevel@vger.kernel.org, linux-mm@kvack.org,
	linux-kernel@vger.kernel.org,
	Tycho Andersen <tandersen@netflix.com>,
	Aleksa Sarai <cyphar@cyphar.com>
Subject: Re: [RFC] exec: add a flag for "reasonable" execveat() comm
Message-ID: <Zv1aA4I6r4py-8yW@kawka3.in.waw.pl>
References: <20240924141001.116584-1-tycho@tycho.pizza>
 <87msjx9ciw.fsf@email.froward.int.ebiederm.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <87msjx9ciw.fsf@email.froward.int.ebiederm.org>
X-Rspam-User: 
X-Rspamd-Queue-Id: BA7B316000B
X-Rspamd-Server: rspam01
X-Stat-Signature: ndsohfzraxzpm39dfgrg1goze18hcf9j
X-HE-Tag: 1727879684-286736
X-HE-Meta: U2FsdGVkX18AGRwD8NE32cAAvLMXK5jNLoPHmZhD6SfCIEGZgXaav6HK9YgBnp4FVZmC43OG/yIvgR4632AJSXTFLGNPtn3MuLzL7IltkqrEaf+JejoIhAAGI0cWcaLvMyQdE13q7fabxEl42zI98i5gyVE66QAq+5z3hEzIjIxqE9ixG1HccRkFH+LcSvFrlAn4rEVj6VbLcv+9UVXad28D2XtEWeTcWWQye3okViWtLTG04L+o+dyWSU+qFJTcskB9/mKm/y90TnBOTEFn7IO73OMbSrlwuFlmZehehbQ5SE8sFVgxC09aLE2SErUKs5GF6YnkIMnLZvX4cA1sBCDjuZfNFCvIqLuJtryVqfGMuWFEO0p5D7aNJRGEHFVelErMX3IOhN6Yj7H2+8QaDEzqSpjeOw5zLwuL0/7DhmrHE53VvRFkmDFHgNPikECXBfVoUeg6UGquRE7a/FDdytIE3OM2DDVwCDocLozxwDyLsQpFkKJKxyqhvx6VXhFusKEgFgaZtKLbPv8pF/ZdfX3CXkGyUOkszKeZJqdOFKkr4ri4+a6YGGj4qOBVbs9j+ScKnjn0/qIBsrh++Uq2RcDlUCMu/Re/jfXZOVxTuBgg6BohO9Q8BR4u0J43KQQljT5LkhID/aAx1hcDpi9Jyo2+43AVnGd8svEleadvDsDcxo7IVg1ay6XpeTO8IXS/j0sh/PEhkqQimJSOW8oX4kZuKmqkzLfp7EEVhj5YE6h7vYjfOeEWsGL0qCFrd/DEYJSwHkJBZFk94w0GfMOFfv6qeqLjbagpakTiyks7ReOf9oNqCRS9dp1N5lwmvutD0e0PZylEMvA60Xs6Xb2Z9zSq9Zgs/m8ewGjxGInbMF9epZCASnB/O6EEPBuwf2NMhRBjkvYqAolqtVJlTML5lmCCX14P0SNcxZTdLCmuNGfitWx9hpcwWRKuNM+hj6vo98nkFBFdl+DeXdcnDxI
 +0gT5x4h
 oaOfiFeXLo0ALquncTN9D6bZIJ8ys3oLNFKYwc1ttDiqeneV9nW06ZnjKHCoklux+KVZm6gLhVn/gddLB4oW09GhsBXanrtV8NwG2ZrHE0alS/er/Z6SpJMucG6ZVea1HmdZa8wKHF60Aa2N3dukD4tEeCm2vTaa86sw8DK8kXgAEdqYMy8YBGwxA3CVNEJ28pZOxdaSo+i3fA/hOFEmX2DAnpoin62fuIhkTE32CagtkmwE=
X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4
Sender: owner-linux-mm@kvack.org
Precedence: bulk
X-Loop: owner-majordomo@kvack.org
List-ID: <linux-mm.kvack.org>
List-Subscribe: <mailto:majordomo@kvack.org>
List-Unsubscribe: <mailto:majordomo@kvack.org>

On Tue, Sep 24, 2024 at 12:39:35PM -0500, Eric W. Biederman wrote:
> Tycho Andersen <tycho@tycho.pizza> writes:
> 
> > From: Tycho Andersen <tandersen@netflix.com>
> >
> > Zbigniew mentioned at Linux Plumber's that systemd is interested in
> > switching to execveat() for service execution, but can't, because the
> > contents of /proc/pid/comm are the file descriptor which was used,
> > instead of the path to the binary. This makes the output of tools like
> > top and ps useless, especially in a world where most fds are opened
> > CLOEXEC so the number is truly meaningless.
> >
> > This patch adds an AT_ flag to fix up /proc/pid/comm to instead be the
> > contents of argv[0], instead of the fdno.

I tried this version (with a local modification to drop the flag and
enable the new codepath if get_user_arg_ptr(argv, 0) returns nonnull
as suggested later in the thread), and it seems to work as expected.
In particular, 'pgrep' finds for the original name in case of
symlinks.

> All of that said I am not a fan of the implementation below as it has
> the side effect of replacing /dev/fd/N with a filename that is not
> usable by #! interpreters.  So I suggest an implementation that affects
> task->comm and not brpm->filename.

Hmm, I don't understand this. /dev/fd/ would not generally contain an
open fd for the original binary. It only would if the caller uses
fexecve with an fd opened without O_CLOEXEC, but then it'd be
something like /dev/fd/3 or /dev/fd/4 and the callee would be confused
by having an extra fd, so except for some specialed cases, the caller
should always use O_CLOEXEC.

With this patch:
$ sudo ln -sv /bin/sleep /usr/local/bin/sleep-link
$ sudo systemd-run sleep-link 10000

$ sudo strace -f -e execve,execveat -p 1
...
[pid  1200] execve("/proc/self/fd/9", ["/usr/lib/systemd/systemd-executo"..., "--deserialize", "150", "--log-level", "info", "--log-target", "journal-or-kmsg"], 0x7ffe97b98178 /* 3 vars */) = 0
[pid  1200] execveat(4, "", ["/usr/local/bin/sleep-link", "10000"], 0xd8edf70 /* 9 vars */, AT_EMPTY_PATH) = 0
^C

$ pgrep sleep-link
1200

$ sudo ls -l /proc/1200/fd
total 0
lr-x------ 1 root root 64 Oct  2 17:13 0 -> /dev/null
lrwx------ 1 root root 64 Oct  2 17:13 1 -> 'socket:[8585]'
lrwx------ 1 root root 64 Oct  2 17:13 2 -> 'socket:[8585]'

$ head -n1 /proc/1200/{comm,status,stat}
==> /proc/1200/comm <==
sleep-link
==> /proc/1200/status <==
Name:   sleep-link
==> /proc/1200/stat <==
1200 (sleep-link) ...

This all looks good.

Zbyszek