From: Jann Horn
Date: Wed, 24 Jan 2024 21:51:13 +0100
Subject: Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs
To: Linus Torvalds
Cc: Kees Cook, Josh Triplett, Kevin Locke, John Johansen, Paul Moore, James Morris, "Serge E. Hallyn", Kentaro Takeda, Tetsuo Handa, Alexander Viro, Christian Brauner, Jan Kara, Eric Biederman, Andrew Morton, Sebastian Andrzej Siewior, linux-fsdevel@vger.kernel.org, linux-mm@kvack.org, apparmor@lists.ubuntu.com, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org
References: <20240124192228.work.788-kees@kernel.org> <202401241206.031E2C75B@keescook>

On Wed, Jan 24, 2024 at 9:47 PM Linus Torvalds wrote:
>
> On Wed, 24 Jan 2024 at 12:15, Kees Cook wrote:
> >
> > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.
>
> Well, we could just remove the __FMODE_EXEC from uselib.
>
> It's kind of wrong anyway.
>
> Unlike a real execve(), where the target executable actually takes
> control and you can't actually control it (except with ptrace, of
> course), 'uselib()' really is just a wrapper around a special mmap.
>
> And you can see it in the "acc_mode" flags: uselib already requires
> MAY_READ for that reason. So you cannot uselib() a non-readable file,
> unlike execve().
>
> So I think just removing __FMODE_EXEC would just do the
> RightThing(tm), and changes nothing for any sane situation.

Sounds like a good idea. That makes this codepath behave more as if
userspace had done the same steps manually...