| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20220805222126.142525-5-jeffxu@google.com>
Date: Fri, 5 Aug 2022 22:21:25 +0000
From: <jeffxu@...gle.com>
To: skhan@...uxfoundation.org
Cc: akpm@...ux-foundation.org, dmitry.torokhov@...il.com,
dverkamp@...omium.org, hughd@...gle.com, jeffxu@...gle.com,
jorgelo@...omium.org, keescook@...omium.org,
linux-kernel@...r.kernel.org, linux-kselftest@...r.kernel.org,
linux-mm@...ck.org, mnissler@...omium.org, jannh@...gle.com,
Jeff Xu <jeffxu@...omium.org>
Subject: [PATCH v2 4/5] selftests/memfd: add tests for MFD_NOEXEC
From: Daniel Verkamp <dverkamp@...omium.org>
Tests that ensure MFD_NOEXEC memfds have the appropriate mode bits and
cannot be chmod-ed into being executable.
Co-developed-by: Jeff Xu <jeffxu@...omium.org>
Signed-off-by: Jeff Xu <jeffxu@...omium.org>
Signed-off-by: Daniel Verkamp <dverkamp@...omium.org>
---
tools/testing/selftests/memfd/memfd_test.c | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
diff --git a/tools/testing/selftests/memfd/memfd_test.c b/tools/testing/selftests/memfd/memfd_test.c
index 1d7e7b36bbdd..4906f778564e 100644
--- a/tools/testing/selftests/memfd/memfd_test.c
+++ b/tools/testing/selftests/memfd/memfd_test.c
@@ -36,6 +36,10 @@
#define MAX_PATH 256
#endif
+#ifndef MFD_NOEXEC
+#define MFD_NOEXEC 0x0008U
+#endif
+
/*
* Default is not to test hugetlbfs
*/
@@ -1006,6 +1010,35 @@ static void test_seal_exec(void)
close(fd);
}
+/*
+ * Test memfd_create with MFD_NOEXEC flag
+ * Test that MFD_NOEXEC applies F_SEAL_EXEC and prevents change of exec bits
+ */
+static void test_noexec(void)
+{
+ int fd;
+
+ printf("%s NOEXEC\n", memfd_str);
+
+ /* Create with NOEXEC and ALLOW_SEALING */
+ fd = mfd_assert_new("kern_memfd_noexec",
+ mfd_def_size,
+ MFD_CLOEXEC | MFD_ALLOW_SEALING | MFD_NOEXEC);
+ mfd_assert_mode(fd, 0666);
+ mfd_assert_has_seals(fd, F_SEAL_EXEC);
+ mfd_fail_chmod(fd, 0777);
+ close(fd);
+
+ /* Create with NOEXEC but without ALLOW_SEALING */
+ fd = mfd_assert_new("kern_memfd_noexec",
+ mfd_def_size,
+ MFD_CLOEXEC | MFD_NOEXEC);
+ mfd_assert_mode(fd, 0666);
+ mfd_assert_has_seals(fd, F_SEAL_EXEC | F_SEAL_SEAL);
+ mfd_fail_chmod(fd, 0777);
+ close(fd);
+}
+
/*
* Test sharing via dup()
* Test that seals are shared between dupped FDs and they're all equal.
@@ -1179,6 +1212,7 @@ int main(int argc, char **argv)
test_create();
test_basic();
+ test_noexec();
test_seal_write();
test_seal_future_write();
--
2.37.1.559.g78731f0fdb-goog
Powered by blists - more mailing lists