lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Mon, 23 Jan 2023 16:22:11 +0000
From:   Catalin Marinas <catalin.marinas@....com>
To:     David Hildenbrand <david@...hat.com>
Cc:     Joey Gouly <joey.gouly@....com>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Lennart Poettering <lennart@...ttering.net>,
        Zbigniew Jędrzejewski-Szmek <zbyszek@...waw.pl>,
        Alexander Viro <viro@...iv.linux.org.uk>,
        Kees Cook <keescook@...omium.org>,
        Szabolcs Nagy <szabolcs.nagy@....com>,
        Mark Brown <broonie@...nel.org>,
        Jeremy Linton <jeremy.linton@....com>,
        Topi Miettinen <toiwoton@...il.com>, linux-mm@...ck.org,
        linux-arm-kernel@...ts.infradead.org, linux-kernel@...r.kernel.org,
        linux-abi-devel@...ts.sourceforge.net, nd@....com, shuah@...nel.org
Subject: Re: [PATCH v2 1/2] mm: Implement memory-deny-write-execute as a prctl

On Mon, Jan 23, 2023 at 05:10:08PM +0100, David Hildenbrand wrote:
> On 23.01.23 17:04, Catalin Marinas wrote:
> > On Mon, Jan 23, 2023 at 01:53:46PM +0100, David Hildenbrand wrote:
> > > That at least would be then similar to how we handle mmaped files: if the
> > > file is not executable, we clear VM_MAYEXEC. If the file is not writable, we
> > > clear VM_MAYWRITE.
> > 
> > We still allow VM_MAYWRITE for private mappings, though we do clear
> > VM_MAYEXEC if not executable.
> > 
> > It would be nice to use VM_MAY* flags for this logic but we can only
> > emulate MDWE if we change the semantics of 'MAY': only check the 'MAY'
> > flags for permissions being changed (e.g. allow PROT_EXEC if the vma is
> > already VM_EXEC even if !VM_MAYEXEC). Another issue is that we end up
> > with some weird combinations like having VM_EXEC without VM_MAYEXEC
> > (maybe that's fine).
> 
> No, we wouldn't want VM_EXEC if VM_MAYEXEC is not set. I don't immediately
> see how that would happen.

You are right, this shouldn't happen. What I had in mind was the current
MDWE model where after an mmap(PROT_EXEC), any mprotect(PROT_EXEC) is
denied. But this series departs slightly from this since we want to
allow PROT_EXEC if already executable.

-- 
Catalin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ