Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs
From: Jann Horn <jannh@google.com>
Date: 2024-01-24 20:51:52
Also in:
linux-fsdevel, linux-hardening, linux-mm, lkml
From: Jann Horn <jannh@google.com>
Date: 2024-01-24 20:51:52
Also in:
linux-fsdevel, linux-hardening, linux-mm, lkml
On Wed, Jan 24, 2024 at 9:47 PM Linus Torvalds [off-list ref] wrote:
On Wed, 24 Jan 2024 at 12:15, Kees Cook [off-list ref] wrote:quoted
Hmpf, and frustratingly Ubuntu (and Debian) still builds with CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.Well, we could just remove the __FMODE_EXEC from uselib. It's kind of wrong anyway. Unlike a real execve(), where the target executable actually takes control and you can't actually control it (except with ptrace, of course), 'uselib()' really is just a wrapper around a special mmap. And you can see it in the "acc_mode" flags: uselib already requires MAY_READ for that reason. So you cannot uselib() a non-readable file, unlike execve(). So I think just removing __FMODE_EXEC would just do the RightThing(tm), and changes nothing for any sane situation.
Sounds like a good idea. That makes this codepath behave more as if userspace had done the same steps manually...