| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 3 May 2021 09:39:05 -0700
From: Dave Hansen <dave.hansen@...el.com>
To: Jarkko Sakkinen <jarkko@...nel.org>
Cc: Tim Gardner <tim.gardner@...onical.com>,
dave.hansen@...ux.intel.com, shuah@...nel.org,
linux-sgx@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: Subject: [PATCH 0/1] SGX self test fails
On 5/3/21 8:41 AM, Jarkko Sakkinen wrote:
>> $ ls -l /dev/sgx_enclave
>> crw------- 1 dave dave 10, 125 Apr 28 11:32 /dev/sgx_enclave
>> $ ./test_sgx
>> 0x0000000000000000 0x0000000000002000 0x03
>> 0x0000000000002000 0x0000000000001000 0x05
>> 0x0000000000003000 0x0000000000003000 0x03
>> SUCCESS
>>
>> *But*, is that OK? Should we be happily creating a PROT_EXEC mapping on
>> a ugo-x file? Why were we respecting noexec on the filesystem but not
>> ugo-x on the file?
> Yeah, this supports my earlier response:
>
> "EPERM The prot argument asks for PROT_EXEC but the mapped area
> belongs to a file on a filesystem that was mounted no-exec."
> https://man7.org/linux/man-pages/man2/mmap.2.html
>
> I guess the right model is to think just as "anonymous memory"
> with equivalent access control semantics after succesfully
> opened for read and write.
I guess I'll answer my own question: The "x" bit on file permissions
really only controls the ability for the file to be execve()'d, but has
no bearing on the ability for an executable *mapping* to be created.
This is existing VFS behavior and is not specific to SGX.
I think I'll just send a patch to pull that warning out.
Powered by blists - more mailing lists