Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Jann Horn <jannh@xxxxxxxxxx>
Subject: Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
From: Florian Weimer <fw@xxxxxxxxxxxxx>
Date: Tue, 28 Apr 2020 23:20:20 +0200
Cc: Mickaël Salaün <mic@xxxxxxxxxxx>, kernel list <linux-kernel@xxxxxxxxxxxxxxx>, Aleksa Sarai <cyphar@xxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Christian Heimes <christian@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Deven Bowers <deven.desai@xxxxxxxxxxxxxxxxxxx>, Eric Chiang <ericchiang@xxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Jan Kara <jack@xxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Matthew Garrett <mjg59@xxxxxxxxxx>, Matthew Wilcox <willy@xxxxxxxxxxxxx>, Michael Kerrisk <mtk.manpages@xxxxxxxxx>, Mickaël Salaün <mickael.salaun@xxxxxxxxxxx>, Mimi Zohar <zohar@xxxxxxxxxxxxx>, Philippe Trébuchet <philippe.trebuchet@xxxxxxxxxxx>, Scott Shell <scottsh@xxxxxxxxxxxxx>, Sean Christopherson <sean.j.christopherson@xxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, Steve Dower <steve.dower@xxxxxxxxxx>, Steve Grubb <sgrubb@xxxxxxxxxx>, Thibaut Sautereau <thibaut.sautereau@xxxxxxxxxxx>, Vincent Strubel <vincent.strubel@xxxxxxxxxxx>, Kernel Hardening <kernel-hardening@xxxxxxxxxxxxxxxxxx>, Linux API <linux-api@xxxxxxxxxxxxxxx>, linux-security-module <linux-security-module@xxxxxxxxxxxxxxx>, linux-fsdevel <linux-fsdevel@xxxxxxxxxxxxxxx>
In-reply-to: <CAG48ez1bKzh1YvbD_Lcg0AbMCH_cdZmrRRumU7UCJL=qPwNFpQ@mail.gmail.com> (Jann Horn's message of "Tue, 28 Apr 2020 21:21:48 +0200")

* Jann Horn:

> Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
> the dynamic linker.

Absolutely.  In typical configurations, the kernel does not enforce
that executable mappings must be backed by files which are executable.
It's most obvious with using an explicit loader invocation to run
executables on noexec mounts.  RESOLVE_MAYEXEC is much more useful
than trying to reimplement the kernel permission checks (or what some
believe they should be) in userspace.

Follow-Ups:
- Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
  - From: Jann Horn

References:
- [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
  - From: Mickaël Salaün
- Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
  - From: Jann Horn

Prev by Date: [git pull] vfs.git fixes
Next by Date: Re: [PATCH 5/9] XArray: entry in last level is not expected to be a node
Previous by thread: Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
Next by thread: Re: [PATCH v3 0/5] Add support for RESOLVE_MAYEXEC
Index(es):
- Date
- Thread

[Index of Archives] [Linux Ext4 Filesystem] [Union Filesystem] [Filesystem Testing] [Ceph Users] [Ecryptfs] [AutoFS] [Kernel Newbies] [Share Photos] [Security] [Netfilter] [Bugtraq] [Yosemite News] [MIPS Linux] [ARM Linux] [Linux Security] [Linux Cachefs] [Reiser Filesystem] [Linux RAID] [Samba] [Device Mapper] [CEPH Development]