Date: Wed, 24 Jan 2024 09:21:14 -0800
From: Kees Cook
To: Linus Torvalds
Cc: Kevin Locke, John Johansen, Josh Triplett, Mateusz Guzik, Al Viro, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org
Subject: Re: [6.8-rc1 Regression] Unable to exec apparmor_parser from virt-aa-helper
Message-ID: <202401240916.044E6A6A7A@keescook>
References: <202401240832.02940B1A@keescook>

On Wed, Jan 24, 2024 at 09:10:58AM -0800, Linus Torvalds wrote:
> On Wed, 24 Jan 2024 at 08:54, Linus Torvalds wrote:
> >
> > Hmm. That whole thing is disgusting. I think it should have checked
> > FMODE_EXEC, and I have no idea why it doesn't.
>
> Maybe because FMODE_EXEC gets set for uselib() calls too? I dunno. I
> think it would be even better if we had the 'intent' flags from
> 'struct open_flags' available, but they aren't there in the
> file_open() security chain.

I think there were other problems that I might have already fixed when I
reorganized things in commit 0fd338b2d2cd ("exec: move path_noexec()
check earlier") to more correctly map to LSM checks.

> Anyway, moving current->in_execve earlier looks fairly trivial, but I
> worry about the randomness. I'd be *so* much happier if this crazy
> flag went away, and it got changed to look at the open intent instead.
>
> Attached patch is ENTIRELY UNTESTED. And disgusting.

I opted to tie "current->in_execve" lifetime to bprm lifetime just to
have a clean boundary (i.e. strictly in alloc/free_bprm()).

-Kees

-- 
Kees Cook