Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
From: Aleksa Sarai <hidden>
Date: 2019-09-06 17:08:25
Also in:
linux-fsdevel, linux-security-module, lkml
Possibly related (same subject, not in this thread)
- 2019-09-06 · Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open() · Tycho Andersen <hidden>
- 2019-09-06 · Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open() · Florian Weimer <hidden>
- 2019-09-06 · Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open() · Florian Weimer <hidden>
- 2019-09-06 · [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open() · Mickaël Salaün <mic@digikod.net>
On 2019-09-06, Mickaël Salaün [off-list ref] wrote:
On 06/09/2019 17:56, Florian Weimer wrote:quoted
Let's assume I want to add support for this to the glibc dynamic loader, while still being able to run on older kernels. Is it safe to try the open call first, with O_MAYEXEC, and if that fails with EINVAL, try again without O_MAYEXEC?The kernel ignore unknown open(2) flags, so yes, it is safe even for older kernel to use O_MAYEXEC.
Depends on your definition of "safe" -- a security feature that you will silently not enable on older kernels doesn't sound super safe to me. Unfortunately this is a limitation of open(2) that we cannot change -- which is why the openat2(2) proposal I've been posting gives -EINVAL for unknown O_* flags. There is a way to probe for support (though unpleasant), by creating a test O_MAYEXEC fd and then checking if the flag is present in /proc/self/fdinfo/$n. -- Aleksa Sarai Senior Software Engineer (Containers) SUSE Linux GmbH <https://www.cyphar.com/>
Attachments
- signature.asc [application/pgp-signature] 228 bytes