Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2)
From: Jeff Xu <hidden>
Date: 2024-07-08 16:41:24
Also in:
linux-api, linux-fsdevel, linux-integrity, lkml
Possibly related (same subject, not in this thread)
- 2024-08-09 · Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2) · Jeff Xu <hidden>
- 2024-08-09 · Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2) · Mickaël Salaün <mic@digikod.net>
- 2024-08-05 · Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2) · Jeff Xu <hidden>
- 2024-07-23 · Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2) · Mickaël Salaün <mic@digikod.net>
- 2024-07-23 · Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2) · Mickaël Salaün <mic@digikod.net>
On Mon, Jul 8, 2024 at 9:26 AM Florian Weimer [off-list ref] wrote:
* Jeff Xu:quoted
Will dynamic linkers use the execveat(AT_CHECK) to check shared libraries too ? or just the main executable itself.I expect that dynamic linkers will have to do this for everything they map.
Then all the objects (.so, .sh, etc.) will go through the check from execveat's main to security_bprm_creds_for_exec(), some of them might be specific for the main executable ? e.g. ChromeOS uses security_bprm_creds_for_exec to block executable memfd [1], applying this means automatically extending the block to the .so object. I'm not sure if other LSMs need to be updated ? e.g. will SELINUX check for .so with its process transaction policy ? [1] https://chromium-review.googlesource.com/c/chromiumos/third_party/kernel/+/3834992 -Jeff
Usually, that does not include the maim program, but this can happen with explicit loader invocations (“ld.so /bin/true”). Thanks, Florian