From: Paul Moore
Date: Fri, 15 Mar 2024 16:22:39 -0400
Subject: Re: [RFC PATCH 1/2] lsm: introduce new hook security_vm_execstack
In-Reply-To: <20240315181032.645161-2-cgzones@googlemail.com>
References: <20240315181032.645161-1-cgzones@googlemail.com> <20240315181032.645161-2-cgzones@googlemail.com>
To: Christian Göttsche
Cc: linux-security-module@vger.kernel.org, Eric Biederman, Kees Cook, Alexander Viro, Christian Brauner, Jan Kara, James Morris, "Serge E. Hallyn", Khadija Kamran, Andrii Nakryiko, Casey Schaufler, Alexei Starovoitov, Ondrej Mosnacek, Roberto Sassu, Alfred Piccioni, John Johansen, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org

On Fri, Mar 15, 2024 at 2:10 PM Christian Göttsche wrote:
>
> Add a new hook guarding instantiations of programs with executable
> stack. They are being warned about since commit 47a2ebb7f505 ("execve:
> warn if process starts with executable stack"). Let's give LSMs the
> ability to control their presence on a per application basis.
>
> Signed-off-by: Christian Göttsche
> ---
>  fs/exec.c                     |  4 ++++
>  include/linux/lsm_hook_defs.h |  1 +
>  include/linux/security.h      |  6 ++++++
>  security/security.c           | 13 +++++++++++++
>  4 files changed, 24 insertions(+)

Looking at the commit referenced above, I'm guessing the existing
security_file_mprotect() hook doesn't catch this?

> diff --git a/fs/exec.c b/fs/exec.c
> index 8cdd5b2dd09c..e6f9e980c6b1 100644
> --- a/fs/exec.c
> +++ b/fs/exec.c
> @@ -829,6 +829,10 @@ int setup_arg_pages(struct linux_binprm *bprm,
>  	BUG_ON(prev != vma);
>
>  	if (unlikely(vm_flags & VM_EXEC)) {
> +		ret = security_vm_execstack();
> +		if (ret)
> +			goto out_unlock;
> +
>  		pr_warn_once("process '%pD4' started with executable stack\n",
>  			     bprm->file);
>  	}

Instead of creating a new LSM hook, have you considered calling the
existing security_file_mprotect() hook? The existing LSM controls
there may not be a great fit in this case, but I'd like to hear if
you've tried that, and if you have, what made you decide a new hook
was the better option?

-- 
paul-moore.com
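Review bot: in the fs/exec.c hunk, security_vm_execstack() is called with no arguments, so an LSM implementing it cannot tell which program is being exec'd even though the cover text promises control "on a per application basis" and bprm (with bprm->file, which the pr_warn_once() two lines below already uses) is in scope; consider passing bprm so the hook can make and audit a per-file decision. The out_unlock label is outside the hunk, so it is worth confirming in the full function that the path returns the ret set here rather than a fixed error. Note also that the check runs only from setup_arg_pages() when the initial stack is mapped VM_EXEC, so a stack made executable later via mprotect() is not covered and stays with the existing security_file_mprotect() hook that the reply asks about.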
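Whether setup_arg_pages() sees VM_EXEC on the stack, and so whether the proposed hook would fire, is decided earlier by the ELF loader from the image's PT_GNU_STACK program header (PF_X set means an executable stack; no PT_GNU_STACK header means the architecture default). A defender evaluating this hook will want to know which binaries on a system actually request an executable stack, so the following audit script is added here as an example; it is not code from the patch, the thread, or the kernel. The function names (parse_program_headers, stack_request, build_elf64, build_elf32) are this example's own, and the ELF images it checks are constructed in memory rather than read from real binaries. It handles both ELF classes and both byte orders, which goes beyond the single x86-64 case the patch's warning was written for.

```python
"""Audit which ELF images ask the kernel for an executable stack.

Added example, not code from the patch or the kernel. The ELF loader
marks the initial stack VM_EXEC when the image carries a PT_GNU_STACK
program header whose p_flags has PF_X set; an image with no such header
gets the architecture default. That VM_EXEC bit is what the quoted
setup_arg_pages() hunk tests before calling the proposed hook.
The ELF images built below are constructed fixtures.
"""
import struct

PT_LOAD = 1
PT_GNU_STACK = 0x6474E551          # p_type of the GNU stack marker
PF_X, PF_W, PF_R = 0x1, 0x2, 0x4   # p_flags permission bits

# Per ELF class: (offset of e_phoff, offset of e_phentsize, struct code for
# e_phoff, minimum program header size, offset of p_flags inside a header)
_LAYOUT = {1: (28, 42, "I", 32, 24),   # ELF32
           2: (32, 54, "Q", 56, 4)}    # ELF64


def parse_program_headers(data: bytes):
    """Yield (p_type, p_flags) for each program header of an ELF image."""
    if len(data) < 16 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in _LAYOUT or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if ei_data == 1 else ">"          # EI_DATA: 1 = LSB, 2 = MSB
    phoff_at, phent_at, phoff_fmt, min_phent, flags_at = _LAYOUT[ei_class]
    e_phoff, = struct.unpack_from(end + phoff_fmt, data, phoff_at)
    e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, phent_at)
    if e_phentsize < min_phent:
        raise ValueError("program header entries too small for this class")
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + e_phentsize > len(data):
            raise ValueError("program header table runs past end of image")
        p_type, = struct.unpack_from(end + "I", data, off)
        p_flags, = struct.unpack_from(end + "I", data, off + flags_at)
        yield p_type, p_flags


def stack_request(data: bytes) -> str:
    """Return "exec", "noexec" or "default" for what the image asks of its stack.

    If several PT_GNU_STACK headers are present the last one wins, which is
    how the loader's loop over the program headers behaves; linkers emit at
    most one.
    """
    verdict = "default"
    for p_type, p_flags in parse_program_headers(data):
        if p_type == PT_GNU_STACK:
            verdict = "exec" if p_flags & PF_X else "noexec"
    return verdict


def stack_request_of_file(path: str) -> str:
    """Convenience wrapper for auditing binaries on disk."""
    with open(path, "rb") as f:
        return stack_request(f.read())


# --- constructed fixtures: minimal images made of a header plus program headers ---

def build_elf64(phdrs, little_endian=True) -> bytes:
    end = "<" if little_endian else ">"
    e_ident = b"\x7fELF" + bytes([2, 1 if little_endian else 2, 1]) + bytes(9)
    ehdr = e_ident + struct.pack(end + "HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack(end + "IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0)
                           for t, f in phdrs)


def build_elf32(phdrs, little_endian=True) -> bytes:
    end = "<" if little_endian else ">"
    e_ident = b"\x7fELF" + bytes([1, 1 if little_endian else 2, 1]) + bytes(9)
    ehdr = e_ident + struct.pack(end + "HHIIIIIHHHHHH", 2, 3, 1, 0, 52, 0, 0,
                                 52, 32, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(struct.pack(end + "IIIIIIII", t, 0, 0, 0, 0, 0, f, 0)
                           for t, f in phdrs)


EXEC_STACK_IMAGE = build_elf64([(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W | PF_X)])
NOEXEC_STACK_IMAGE = build_elf64([(PT_LOAD, PF_R | PF_X), (PT_GNU_STACK, PF_R | PF_W)])
NO_MARKER_IMAGE = build_elf32([(PT_LOAD, PF_R | PF_X)], little_endian=False)

if __name__ == "__main__":
    for name, image in [("exec-stack", EXEC_STACK_IMAGE),
                        ("noexec-stack", NOEXEC_STACK_IMAGE),
                        ("no-marker", NO_MARKER_IMAGE)]:
        print(f"{name}: {stack_request(image)}")
```

Run against real files with stack_request_of_file(); only images that report "exec" would reach the new hook's deny path on an architecture whose default stack is non-executable, while "default" images depend on the arch default and are worth checking separately.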