| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Wed, 14 Mar 2012 15:21:08 -0700 From: Matt Helsley <matthltc@...ibm.com> To: Cyrill Gorcunov <gorcunov@...nvz.org> Cc: Matt Helsley <matthltc@...ibm.com>, Oleg Nesterov <oleg@...hat.com>, KOSAKI Motohiro <kosaki.motohiro@...fujitsu.com>, Pavel Emelyanov <xemul@...allels.com>, Kees Cook <keescook@...omium.org>, Tejun Heo <tj@...nel.org>, Andrew Morton <akpm@...ux-foundation.org>, LKML <linux-kernel@...r.kernel.org> Subject: Re: [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file v3 On Wed, Mar 14, 2012 at 09:47:28AM +0400, Cyrill Gorcunov wrote: > On Tue, Mar 13, 2012 at 06:41:06PM -0700, Matt Helsley wrote: > ... > > > + > > > + exe_file = fget(fd); > > > + if (!exe_file) > > > + return -EBADF; > > > + > > > + dentry = exe_file->f_path.dentry; > > > + > > > + /* > > > + * Because the original mm->exe_file > > > + * points to executable file, make sure > > > + * this one is executable as well to not > > > + * break an overall picture. > > > + */ > > > + err = -EACCES; > > > + if (!S_ISREG(dentry->d_inode->i_mode) || > > > + exe_file->f_path.mnt->mnt_flags & MNT_NOEXEC) > > > + goto exit; > > > > You could factor out this portion of the access checking from open_exec() > > after the do_filp_open() in open_exec() and re-use it here. I know it's > > tiny helper but tying these two together might be good for > > maintenance later. > > > > Matt, I really dont wanna touch code outside of prctl and this function > in particualar, at least in this patch, ie I can clean up and factor out > is on top of the patch, as a separate task. OK, sounds fine. > > > Should it check for some of the flags open_exec() uses? open_exec() > > passes: > > > > O_LARGEFILE|O_RDONLY|__FMODE_EXEC > > > > to do_filp_open(). I think a O_RDONLY check might be good. I don't > > think __FMODE_EXEC is something userspace can set so could be ignored. > > O_LARGEFILE might be important though. > > Well, we're not going to read from this file, so it is not that important > at moment, so previously I've had > > > + if ((exe_file->f_flags & O_ACCMODE) != O_RDONLY) > > + goto exit; > > and Oleg pointed me > > | But the O_RDONLY check looks strange. We are not going to write > | to this file, we only set the name (and that is why I think it > | should be mm->exe_path). What is the point to check that the file > | was opened without FMODE_WRITE? Even if there were any security > | risk the apllication can open this file again with the different > | flags. > > so I dropped it. And I think the same applies to O_LARGEFILE. Sure > it's not a problem to bring it back but should we? OK, sorry I must have missed that portion of the discussion. It all looks good to me. Cheers, -Matt -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists