lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20150710121921.e02eb9f1041432ff2dca4667@linux-foundation.org>
Date:	Fri, 10 Jul 2015 12:19:21 -0700
From:	Andrew Morton <akpm@...ux-foundation.org>
To:	Stephen Smalley <sds@...ho.nsa.gov>
Cc:	paul@...l-moore.com, hughd@...gle.com, prarit@...hat.com,
	mstevens@...oraproject.org, esandeen@...hat.com,
	david@...morbit.com, linux-kernel@...r.kernel.org,
	eparis@...hat.com, linux-mm@...ck.org, wagi@...om.org,
	selinux@...ho.nsa.gov, torvalds@...ux-foundation.org,
	stable@...r.kernel.org
Subject: Re: [PATCH] selinux: fix mprotect PROT_EXEC regression caused by mm
 change

On Fri, 10 Jul 2015 09:40:59 -0400 Stephen Smalley <sds@...ho.nsa.gov> wrote:

> commit 66fc13039422ba7df2d01a8ee0873e4ef965b50b ("mm: shmem_zero_setup skip
> security check and lockdep conflict with XFS") caused a regression for
> SELinux by disabling any SELinux checking of mprotect PROT_EXEC on
> shared anonymous mappings.  However, even before that regression, the
> checking on such mprotect PROT_EXEC calls was inconsistent with the
> checking on a mmap PROT_EXEC call for a shared anonymous mapping.  On a
> mmap, the security hook is passed a NULL file and knows it is dealing with
> an anonymous mapping and therefore applies an execmem check and no file
> checks.  On a mprotect, the security hook is passed a vma with a
> non-NULL vm_file (as this was set from the internally-created shmem
> file during mmap) and therefore applies the file-based execute check and
> no execmem check.  Since the aforementioned commit now marks the shmem
> zero inode with the S_PRIVATE flag, the file checks are disabled and
> we have no checking at all on mprotect PROT_EXEC.  Add a test to
> the mprotect hook logic for such private inodes, and apply an execmem
> check in that case.  This makes the mmap and mprotect checking consistent
> for shared anonymous mappings, as well as for /dev/zero and ashmem.
> 
> Signed-off-by: Stephen Smalley <sds@...ho.nsa.gov>

Cc: <stable@...r.kernel.org>	[4.1.x]
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ