syzkaller
executor: Support configuring process name
Is your feature request related to a problem? Please describe.
I'd like to fuzz drivers which only allow processes with a specified name to open their associated device files. Currently I can fuzz them by removing the check and rebuilding the kernel, but being able to set the process name in the config would be much more convenient than rebuilding the kernel.
Describe the solution you'd like
Process name checks are done by calls to current->comm (see https://github.com/OP-TEE/optee_linuxdriver/blob/master/core/tee_core.c#L169 for an open-source example of such code). Right now, current->comm will always be 'syz-executor'. Those checks can be trivially bypassed by changing the executable name, and I'm pretty sure a more elegant option would be to run the syz-executor binary as it is but put the configured name in argv[0] (I am, however, not sure if it's doable in Go as my knowledge of Go is very limited; in C it's easy to do with execve: https://man7.org/linux/man-pages/man2/execve.2.html).
Why would a kernel driver want to do this? This does not look like it's a serious security protection. Can this check be removed entirely? Or at least made configurable with a cmdline option?
prctl(PR_SET_NAME) should change comm; this can be executed from the executor itself.
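The following is an added example, not code from syzkaller or from the driver linked in the issue. It shows what the prctl(PR_SET_NAME) suggestion does in practice: the calling task rewrites its own comm (the value a driver reads from current->comm), which is why a comm-based open() check is not a security boundary. It also covers two caveats a practitioner will hit: the kernel truncates the name to TASK_COMM_LEN - 1 (15) bytes, and comm is derived from the filename passed to execve rather than from argv[0], so setting argv[0] alone would not satisfy such a check. The names "fuzz-target" and "abcdefghijklmnopqrst" are constructed for the example; the expected-name check is an emulation of a driver-side comparison, not the linked driver's code.

```c
// Added example (not syzkaller or OP-TEE code). Linux only: uses prctl and procfs.
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <unistd.h>

#define TASK_COMM_LEN 16   /* kernel limit: 15 characters plus the NUL terminator */

/* Read this task's comm from /proc/self/comm into buf. Returns 0 on success, -1 on error. */
static int read_comm(char *buf, size_t len) {
    FILE *f = fopen("/proc/self/comm", "r");
    if (!f)
        return -1;
    if (!fgets(buf, (int)len, f)) {
        fclose(f);
        return -1;
    }
    fclose(f);
    buf[strcspn(buf, "\n")] = '\0';   /* drop the trailing newline procfs appends */
    return 0;
}

/* Set comm via prctl(PR_SET_NAME). Unprivileged; the kernel silently truncates the
 * name to TASK_COMM_LEN - 1 bytes, so a 16+ character name will not round-trip. */
static int set_comm(const char *name) {
    return prctl(PR_SET_NAME, name, 0, 0, 0);
}

/* Emulates a driver-side gate of the kind linked in the issue ("only a process
 * named `expected` may open me"). Returns 1 if the current comm matches. */
static int comm_check_allows(const char *expected) {
    char comm[64];
    if (read_comm(comm, sizeof comm) != 0)
        return 0;
    return strcmp(comm, expected) == 0;
}

/* Rename the task to `name` and report whether the emulated check then passes.
 * Returns 1 for names of at most 15 bytes, 0 when truncation breaks the match. */
static int rename_passes_check(const char *name) {
    if (set_comm(name) != 0)
        return 0;
    return comm_check_allows(name);
}

int main(void) {
    char before[64], after[64];
    if (read_comm(before, sizeof before) != 0)
        return 1;
    printf("comm before: %s\n", before);

    /* Constructed name: the one the emulated check expects. */
    set_comm("fuzz-target");
    read_comm(after, sizeof after);
    printf("comm after:  %s\n", after);
    printf("emulated check for \"fuzz-target\" passes: %d\n",
           comm_check_allows("fuzz-target"));

    /* Truncation caveat: a 20-byte name is stored as its first 15 bytes. */
    set_comm("abcdefghijklmnopqrst");
    read_comm(after, sizeof after);
    printf("20-byte name stored as: %s (%zu bytes)\n", after, strlen(after));
    return 0;
}
```

Compile with `cc -Wall example.c -o example` and run it on a Linux host; the program needs no privileges, which is the point: any unprivileged process can present whatever comm the driver expects, so the check only has value as a convenience, and the sensible mitigation on the driver side is to drop it or replace it with a real access control (device node permissions, capabilities, or an LSM policy).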
I agree that this is not a serious security protection and shouldn't be done. I didn't write the driver I'm fuzzing though (the one I've linked is just an example, the driver I'm fuzzing doesn't seem to be publicly available), so I'm just suggesting things that would make fuzzing easier.