[2/5] linux-uesr: make exec_path realpath

Message ID	20210524045412.15152-3-yamamoto@midokura.com (mailing list archive)
State	New, archived
Headers	show Return-Path: <SRS0=38Js=KT=nongnu.org=qemu-devel-bounces+qemu-devel=archiver.kernel.org@kernel.org> DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4162461104 From: YAMAMOTO Takashi <yamamoto@midokura.com> To: qemu-devel@nongnu.org Cc: YAMAMOTO Takashi <yamamoto@midokura.com>, Laurent Vivier <laurent@vivier.eu> Subject: [PATCH 2/5] linux-uesr: make exec_path realpath Date: Mon, 24 May 2021 13:54:08 +0900 Message-Id: <20210524045412.15152-3-yamamoto@midokura.com> In-Reply-To: <20210524045412.15152-1-yamamoto@midokura.com> References: <20210524045412.15152-1-yamamoto@midokura.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Received-SPF: pass client-ip=2607:f8b0:4864:20::42c; envelope-from=yamamoto@midokura.com; helo=mail-pf1-x42c.google.com X-Spam_score_int: -20 X-Spam_score: -2.1 X-Spam_bar: -- X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action Precedence: list Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org Sender: "Qemu-devel" <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>
Series	linux-user changes to run docker \| expand [0/5] linux-user changes to run docker [1/5] linux-user: handle /proc/self/exe for execve [2/5] linux-uesr: make exec_path realpath [3/5] linux-user: Fix the execfd case of /proc/self/exe open [4/5] linux-user: dup the execfd on start up [5/5] linux-user: Implement pivot_root

Message ID

20210524045412.15152-3-yamamoto@midokura.com (mailing list archive)

State

New, archived

Headers

DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 4162461104
From: YAMAMOTO Takashi <yamamoto@midokura.com>
To: qemu-devel@nongnu.org
Cc: YAMAMOTO Takashi <yamamoto@midokura.com>,
 Laurent Vivier <laurent@vivier.eu>
Subject: [PATCH 2/5] linux-uesr: make exec_path realpath
Date: Mon, 24 May 2021 13:54:08 +0900
Message-Id: <20210524045412.15152-3-yamamoto@midokura.com>
In-Reply-To: <20210524045412.15152-1-yamamoto@midokura.com>
References: <20210524045412.15152-1-yamamoto@midokura.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Received-SPF: pass client-ip=2607:f8b0:4864:20::42c;
 envelope-from=yamamoto@midokura.com; helo=mail-pf1-x42c.google.com
X-Spam_score_int: -20
X-Spam_score: -2.1
X-Spam_bar: --
X-Spam_report: (-2.1 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: qemu-devel@nongnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: <qemu-devel.nongnu.org>
List-Unsubscribe: <https://lists.nongnu.org/mailman/options/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <https://lists.nongnu.org/archive/html/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <https://lists.nongnu.org/mailman/listinfo/qemu-devel>,
 <mailto:qemu-devel-request@nongnu.org?subject=subscribe>
Errors-To: qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org
Sender: "Qemu-devel"
 <qemu-devel-bounces+qemu-devel=archiver.kernel.org@nongnu.org>

Series

linux-user changes to run docker | expand

Otherwise, it can be easily fooled by the user app using chdir(). Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com> --- linux-user/main.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

Alex Bennée May 24, 2021, 10:55 a.m. UTC | #1

YAMAMOTO Takashi <yamamoto@midokura.com> writes:

> Otherwise, it can be easily fooled by the user app using chdir().
>
> Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
> ---
>  linux-user/main.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/linux-user/main.c b/linux-user/main.c
> index 4dfc47ad3b..1f9f4e3820 100644
> --- a/linux-user/main.c
> +++ b/linux-user/main.c
> @@ -55,6 +55,7 @@
>  #endif
>  
>  char *exec_path;
> +char exec_path_store[PATH_MAX];

Is there any point in keeping this as a static path rather than just
allocating it off the heap?

>  
>  int singlestep;
>  static const char *argv0;
> @@ -610,7 +611,10 @@ static int parse_args(int argc, char **argv)
>          exit(EXIT_FAILURE);
>      }
>  
> -    exec_path = argv[optind];
> +    exec_path = realpath(argv[optind], exec_path_store);
> +    if (exec_path == NULL) {
> +        exec_path = argv[optind];
> +    }

  exec_path = realpath(argv[optind], NULL)
  exec_path = exec_path ? exec_path : argv[optind];

what situations would we expect realpath to fail and in those cases is
sticking to argv[optind] safe?

>  
>      return optind;
>  }

Takashi Yamamoto May 24, 2021, 10:59 p.m. UTC | #2

On Mon, May 24, 2021 at 7:59 PM Alex Bennée <alex.bennee@linaro.org> wrote:
>
>
> YAMAMOTO Takashi <yamamoto@midokura.com> writes:
>
> > Otherwise, it can be easily fooled by the user app using chdir().
> >
> > Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
> > ---
> >  linux-user/main.c | 6 +++++-
> >  1 file changed, 5 insertions(+), 1 deletion(-)
> >
> > diff --git a/linux-user/main.c b/linux-user/main.c
> > index 4dfc47ad3b..1f9f4e3820 100644
> > --- a/linux-user/main.c
> > +++ b/linux-user/main.c
> > @@ -55,6 +55,7 @@
> >  #endif
> >
> >  char *exec_path;
> > +char exec_path_store[PATH_MAX];
>
> Is there any point in keeping this as a static path rather than just
> allocating it off the heap?

it's just the simplest given the api of realpath().
do you mean it's better to use malloc? why?

>
> >
> >  int singlestep;
> >  static const char *argv0;
> > @@ -610,7 +611,10 @@ static int parse_args(int argc, char **argv)
> >          exit(EXIT_FAILURE);
> >      }
> >
> > -    exec_path = argv[optind];
> > +    exec_path = realpath(argv[optind], exec_path_store);
> > +    if (exec_path == NULL) {
> > +        exec_path = argv[optind];
> > +    }
>
>   exec_path = realpath(argv[optind], NULL)
>   exec_path = exec_path ? exec_path : argv[optind];
>
> what situations would we expect realpath to fail and in those cases is
> sticking to argv[optind] safe?

i don't have any particular case in my mind.
i guess it rarely fails and it might be simpler to just bail out on the failure.

>
> >
> >      return optind;
> >  }
>
>
> --
> Alex Bennée

Takashi Yamamoto May 26, 2021, 1:42 a.m. UTC | #3

On Tue, May 25, 2021 at 7:59 AM Takashi Yamamoto <yamamoto@midokura.com> wrote:
>
> On Mon, May 24, 2021 at 7:59 PM Alex Bennée <alex.bennee@linaro.org> wrote:
> >
> >
> > YAMAMOTO Takashi <yamamoto@midokura.com> writes:
> >
> > > Otherwise, it can be easily fooled by the user app using chdir().
> > >
> > > Signed-off-by: YAMAMOTO Takashi <yamamoto@midokura.com>
> > > ---
> > >  linux-user/main.c | 6 +++++-
> > >  1 file changed, 5 insertions(+), 1 deletion(-)
> > >
> > > diff --git a/linux-user/main.c b/linux-user/main.c
> > > index 4dfc47ad3b..1f9f4e3820 100644
> > > --- a/linux-user/main.c
> > > +++ b/linux-user/main.c
> > > @@ -55,6 +55,7 @@
> > >  #endif
> > >
> > >  char *exec_path;
> > > +char exec_path_store[PATH_MAX];
> >
> > Is there any point in keeping this as a static path rather than just
> > allocating it off the heap?
>
> it's just the simplest given the api of realpath().
> do you mean it's better to use malloc? why?
>
> >
> > >
> > >  int singlestep;
> > >  static const char *argv0;
> > > @@ -610,7 +611,10 @@ static int parse_args(int argc, char **argv)
> > >          exit(EXIT_FAILURE);
> > >      }
> > >
> > > -    exec_path = argv[optind];
> > > +    exec_path = realpath(argv[optind], exec_path_store);
> > > +    if (exec_path == NULL) {
> > > +        exec_path = argv[optind];
> > > +    }
> >
> >   exec_path = realpath(argv[optind], NULL)
> >   exec_path = exec_path ? exec_path : argv[optind];
> >
> > what situations would we expect realpath to fail and in those cases is
> > sticking to argv[optind] safe?
>
> i don't have any particular case in my mind.
> i guess it rarely fails and it might be simpler to just bail out on the failure.

i recalled why i did this way.
it was actually necessary for some apps. eg. runc
it executes an unlinked binary via /proc/self/fd.
i'll clean it up a bit and add comments.

>
> >
> > >
> > >      return optind;
> > >  }
> >
> >
> > --
> > Alex Bennée

diff --git a/linux-user/main.c b/linux-user/main.c
index 4dfc47ad3b..1f9f4e3820 100644
--- a/linux-user/main.c
+++ b/linux-user/main.c
@@ -55,6 +55,7 @@ 
 #endif
 
 char *exec_path;
+char exec_path_store[PATH_MAX];
 
 int singlestep;
 static const char *argv0;
@@ -610,7 +611,10 @@  static int parse_args(int argc, char **argv)
         exit(EXIT_FAILURE);
     }
 
-    exec_path = argv[optind];
+    exec_path = realpath(argv[optind], exec_path_store);
+    if (exec_path == NULL) {
+        exec_path = argv[optind];
+    }
 
     return optind;
 }

[2/5] linux-uesr: make exec_path realpath

Commit Message

Comments

Patch