[PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs
Jann Horn
jannh at google.com
Wed Jan 24 20:51:13 UTC 2024
On Wed, Jan 24, 2024 at 9:47 PM Linus Torvalds
<torvalds at linux-foundation.org> wrote:
>
> On Wed, 24 Jan 2024 at 12:15, Kees Cook <keescook at chromium.org> wrote:
> >
> > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.
>
> Well, we could just remove the __FMODE_EXEC from uselib.
>
> It's kind of wrong anyway.
>
> Unlike a real execve(), where the target executable actually takes
> control and you can't actually control it (except with ptrace, of
> course), 'uselib()' really is just a wrapper around a special mmap.
>
> And you can see it in the "acc_mode" flags: uselib already requires
> MAY_READ for that reason. So you cannot uselib() a non-readable file,
> unlike execve().
>
> So I think just removing __FMODE_EXEC would just do the
> RightThing(tm), and changes nothing for any sane situation.
Sounds like a good idea. That makes this codepath behave more as if
userspace had done the same steps manually...
More information about the Linux-security-module-archive
mailing list