[v2,0/3] Relocate execve() sanity checks

Message ID	20200605160013.3954297-1-keescook@chromium.org (mailing list archive)
Headers	show Return-Path: <SRS0=20zy=7S=vger.kernel.org=linux-fsdevel-owner@kernel.org> From: Kees Cook <keescook@chromium.org> To: Andrew Morton <akpm@linux-foundation.org> Cc: Kees Cook <keescook@chromium.org>, Alexander Viro <viro@zeniv.linux.org.uk>, Aleksa Sarai <cyphar@cyphar.com>, Christian Brauner <christian.brauner@ubuntu.com>, Dmitry Vyukov <dvyukov@google.com>, Eric Biggers <ebiggers3@gmail.com>, Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org Subject: [PATCH v2 0/3] Relocate execve() sanity checks Date: Fri, 5 Jun 2020 09:00:10 -0700 Message-Id: <20200605160013.3954297-1-keescook@chromium.org> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: linux-fsdevel-owner@vger.kernel.org Precedence: bulk
Series	Relocate execve() sanity checks \| expand [v2,0/3] Relocate execve() sanity checks [v2,1/3] exec: Change uselib(2) IS_SREG() failure to EACCES [v2,2/3] exec: Move S_ISREG() check earlier [v2,3/3] exec: Move path_noexec() check earlier

Message ID

20200605160013.3954297-1-keescook@chromium.org (mailing list archive)

Headers

From: Kees Cook <keescook@chromium.org>
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Kees Cook <keescook@chromium.org>,
        Alexander Viro <viro@zeniv.linux.org.uk>,
        Aleksa Sarai <cyphar@cyphar.com>,
        Christian Brauner <christian.brauner@ubuntu.com>,
        Dmitry Vyukov <dvyukov@google.com>,
        Eric Biggers <ebiggers3@gmail.com>,
        Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>,
        linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: [PATCH v2 0/3] Relocate execve() sanity checks
Date: Fri,  5 Jun 2020 09:00:10 -0700
Message-Id: <20200605160013.3954297-1-keescook@chromium.org>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: linux-fsdevel-owner@vger.kernel.org
Precedence: bulk

Series

Relocate execve() sanity checks | expand

Message

Kees Cook June 5, 2020, 4 p.m. UTC

Hi,

While looking at the code paths for the proposed O_MAYEXEC flag, I saw
some things that looked like they should be fixed up.

  exec: Change uselib(2) IS_SREG() failure to EACCES
	This just regularizes the return code on uselib(2).

  exec: Move S_ISREG() check earlier
	This moves the S_ISREG() check even earlier than it was already.

  exec: Move path_noexec() check earlier
	This adds the path_noexec() check to the same place as the
	S_ISREG() check.

v2:
- move checks into may_open() using acc_mode instead of f_mode to correctly
  compose with other inode file type tests[1].
- drop the FMODE_EXEC f_flags -> f_mode change for now since it remains
  unclear if it's useful (and is not needed any more for this series).
v1: https://lore.kernel.org/linux-api/20200518055457.12302-1-keescook@chromium.org/

Thanks!

-Kees

[1] https://lore.kernel.org/lkml/202006041910.9EF0C602@keescook/

Kees Cook (3):
  exec: Change uselib(2) IS_SREG() failure to EACCES
  exec: Move S_ISREG() check earlier
  exec: Move path_noexec() check earlier

 fs/exec.c  | 23 ++++++++++++++---------
 fs/namei.c | 10 ++++++++--
 fs/open.c  |  6 ------
 3 files changed, 22 insertions(+), 17 deletions(-)

Comments

Andrew Morton June 6, 2020, 12:40 a.m. UTC | #1

On Fri,  5 Jun 2020 09:00:10 -0700 Kees Cook <keescook@chromium.org> wrote:

> While looking at the code paths for the proposed O_MAYEXEC flag, I saw
> some things that looked like they should be fixed up.
> 
>   exec: Change uselib(2) IS_SREG() failure to EACCES
> 	This just regularizes the return code on uselib(2).
> 
>   exec: Move S_ISREG() check earlier
> 	This moves the S_ISREG() check even earlier than it was already.
> 
>   exec: Move path_noexec() check earlier
> 	This adds the path_noexec() check to the same place as the
> 	S_ISREG() check.

Thanks.

These don't seem super-urgent and they aren't super-reviewed, so I
suggest we hold them off until the next cycle?

Kees Cook June 6, 2020, 1:45 a.m. UTC | #2

On Fri, Jun 05, 2020 at 05:40:53PM -0700, Andrew Morton wrote:
> On Fri,  5 Jun 2020 09:00:10 -0700 Kees Cook <keescook@chromium.org> wrote:
> 
> > While looking at the code paths for the proposed O_MAYEXEC flag, I saw
> > some things that looked like they should be fixed up.
> > 
> >   exec: Change uselib(2) IS_SREG() failure to EACCES
> > 	This just regularizes the return code on uselib(2).
> > 
> >   exec: Move S_ISREG() check earlier
> > 	This moves the S_ISREG() check even earlier than it was already.
> > 
> >   exec: Move path_noexec() check earlier
> > 	This adds the path_noexec() check to the same place as the
> > 	S_ISREG() check.
> 
> Thanks.
> 
> These don't seem super-urgent and they aren't super-reviewed, so I
> suggest we hold them off until the next cycle?

Agreed; that's fine by me. It's mostly clean up and preparation for
performing future checking through the MAY_EXEC path.

And I'd love to get an Ack from Al or Aleksa, nudge nudge. :)