diff options
| author | Kees Cook <[email protected]> | 2020-08-11 18:36:30 -0700 |
|---|---|---|
| committer | Linus Torvalds <[email protected]> | 2020-08-12 10:58:01 -0700 |
| commit | 0fd338b2d2cdf827091ae819ae90ad760b94ad0c (patch) | |
| tree | 1676646361377dc5f10c7dfb56044dc44d991293 /scripts/gdb/linux/rbtree.py | |
| parent | 633fb6ac39801514613fbe050db6abdc3fe744d5 (diff) | |
exec: move path_noexec() check earlier
The path_noexec() check, like the regular file check, was happening too
late, letting LSMs see impossible execve()s. Check it earlier as well in
may_open() and collect the redundant fs/exec.c path_noexec() test under
the same robustness comment as the S_ISREG() check.
My notes on the call path, and related arguments, checks, etc:
do_open_execat()
struct open_flags open_exec_flags = {
.open_flag = O_LARGEFILE | O_RDONLY | __FMODE_EXEC,
.acc_mode = MAY_EXEC,
...
do_filp_open(dfd, filename, open_flags)
path_openat(nameidata, open_flags, flags)
file = alloc_empty_file(open_flags, current_cred());
do_open(nameidata, file, open_flags)
may_open(path, acc_mode, open_flag)
/* new location of MAY_EXEC vs path_noexec() test */
inode_permission(inode, MAY_OPEN | acc_mode)
security_inode_permission(inode, acc_mode)
vfs_open(path, file)
do_dentry_open(file, path->dentry->d_inode, open)
security_file_open(f)
open()
/* old location of path_noexec() test */
Signed-off-by: Kees Cook <[email protected]>
Signed-off-by: Andrew Morton <[email protected]>
Cc: Alexander Viro <[email protected]>
Cc: Aleksa Sarai <[email protected]>
Cc: Christian Brauner <[email protected]>
Cc: Dmitry Vyukov <[email protected]>
Cc: Eric Biggers <[email protected]>
Cc: Tetsuo Handa <[email protected]>
Link: http://lkml.kernel.org/r/[email protected]
Signed-off-by: Linus Torvalds <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/rbtree.py')
0 files changed, 0 insertions, 0 deletions