lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <1358285695-26173-4-git-send-email-vgoyal@redhat.com>
Date:	Tue, 15 Jan 2013 16:34:55 -0500
From:	Vivek Goyal <vgoyal@...hat.com>
To:	linux-kernel@...r.kernel.org
Cc:	ebiederm@...ssion.com, zohar@...ux.vnet.ibm.com, pjones@...hat.com,
	hpa@...or.com, dhowells@...hat.com, jwboyer@...hat.com,
	vgoyal@...hat.com
Subject: [PATCH 3/3] binfmt_elf: Do not allow exec() if signed binary has intepreter

Do not allow execution if signed binary has interpreter. We don't have
a way to verify the signature of libraries interpreter can map. So do not
allow exec() of such binary.

Currently this signing process works only for statically linked binaries.

Well it does not prevent an application to use dlopen(). In that case,
these binaries should not be signed.

If a method to verify signature of shared libraries comes along, then
I think we can verify the signature of interpreter and allow launching
interpreter.

Signed-off-by: Vivek Goyal <vgoyal@...hat.com>
---
 fs/binfmt_elf.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 80da13c..d2fcb47 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1170,6 +1170,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
 		goto out_free_dentry;
 	}
 
+	/*
+	 * Signed binary. If there is an interpreter specified, deny
+	 * execution
+	 */
+	if (esd && elf_interpreter) {
+		retval = -EINVAL;
+		send_sig(SIGKILL, current, 0);
+		goto out_free_dentry;
+	}
+
 	/* Now we do a little grungy work by mmapping the ELF image into
 	   the correct location in memory. */
 	for(i = 0, elf_ppnt = elf_phdata;
-- 
1.7.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ