Thread (15 messages) 15 messages, 7 authors, 2024-01-27

Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs

From: Jann Horn <jannh@google.com>
Date: 2024-01-24 20:51:52
Also in: linux-fsdevel, linux-hardening, linux-mm, lkml

On Wed, Jan 24, 2024 at 9:47 PM Linus Torvalds
[off-list ref] wrote:
On Wed, 24 Jan 2024 at 12:15, Kees Cook [off-list ref] wrote:
quoted
Hmpf, and frustratingly Ubuntu (and Debian) still builds with
CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.
Well, we could just remove the __FMODE_EXEC from uselib.

It's kind of wrong anyway.

Unlike a real execve(), where the target executable actually takes
control and you can't actually control it (except with ptrace, of
course), 'uselib()' really is just a wrapper around a special mmap.

And you can see it in the "acc_mode" flags: uselib already requires
MAY_READ for that reason. So you cannot uselib() a non-readable file,
unlike execve().

So I think just removing __FMODE_EXEC would just do the
RightThing(tm), and changes nothing for any sane situation.
Sounds like a good idea. That makes this codepath behave more as if
userspace had done the same steps manually...
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help