[PATCH 0/4] Relocate execve() sanity checks
Eric W. Biederman
ebiederm at xmission.com
Tue May 19 15:06:32 UTC 2020
Kees Cook <keescook at chromium.org> writes:
> Hi,
>
> While looking at the code paths for the proposed O_MAYEXEC flag, I saw
> some things that looked like they should be fixed up.
>
> exec: Change uselib(2) IS_SREG() failure to EACCES
> This just regularizes the return code on uselib(2).
>
> exec: Relocate S_ISREG() check
> This moves the S_ISREG() check even earlier than it was already.
>
> exec: Relocate path_noexec() check
> This adds the path_noexec() check to the same place as the
> S_ISREG() check.
>
> fs: Include FMODE_EXEC when converting flags to f_mode
> This seemed like an oversight, but I suspect there is some
> reason I couldn't find for why FMODE_EXEC doesn't get set in
> f_mode and just stays in f_flags.
So I took a look at this series.
I think the belt and suspenders approach of adding code in open and then
keeping it in exec and uselib is probably wrong. My sense of the
situation is a belt and suspenders approach is more likely to be
confusing and result in people making mistakes when maintaining the code
than to actually be helpful.
Eric
More information about the Linux-security-module-archive
mailing list