Thread: 2 messages, 2 authors, 2024-08-26

Re: TOCTOU-free exec(), chdir(), open() with O_PATH sandbox emulation support?

From: Ⓐlï P☮latel <hidden>
Date: 2024-08-26 17:07:33
Also in: lkml

On Thursday, February 22nd, 2024 at 07:41, Bagas Sanjaya [off-list ref] wrote:
> Hi,
> Ali Polatel alip@chesswob.org opened feature request bug on Bugzilla
> regarding TOCTOU-free sandbox emulation support [1]. He wrote:
> [snip]
> Is the feature request viable/realistic?
> Thanks.
> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=218501

Just close it as ENOTG**GLE. Sorry for the noise¹...

All of these have "safe" workarounds:
1. PTRACE_EVENT_EXEC can work around the inability to emulate exec.
   That said, you can TOCTOU scripts (because binfmt) but not ELFs!
   Just denylist the interpreters or W^X your FS like a chad or wait
   for O_MAYEXEC to happen if you care that much really.
2. Turn O_PATH to O_RDONLY and no one will know (pinky swear). You get to
   updoot access times but who cares if the alternative is unsafe?
3. Apparently, chdir is not seen as security critical² so why bother?
--
An old man doll... just what I always wanted! - Clara
¹: you cannot cover the sun with a sieve,
gv*sor is a joke: https://mastodon.online/@alip/113028762062293426
²: https://www.openwall.com/lists/oss-security/2024/05/20/1

--  
-Ⓐlïp.
