From: Al Viro <viro@zeniv.linux.org.uk>
To: Christian Brauner <brauner@kernel.org>
Cc: Mateusz Guzik <mjguzik@gmail.com>,
jack@suse.cz, linux-kernel@vger.kernel.org,
linux-fsdevel@vger.kernel.org, josef@toxicpanda.com,
wojciech.gladysz@infogain.com, ebiederm@xmission.com,
kees@kernel.org, linux-mm@kvack.org
Subject: Re: [PATCH] exec: drop a racy path_noexec check
Date: Tue, 6 Aug 2024 00:41:10 +0100 [thread overview]
Message-ID: <20240805234110.GJ5334@ZenIV> (raw)
In-Reply-To: <20240805233804.GI5334@ZenIV>
On Tue, Aug 06, 2024 at 12:38:04AM +0100, Al Viro wrote:
> On Mon, Aug 05, 2024 at 05:35:35PM +0200, Christian Brauner wrote:
> > > To my reading that path_noexec is still there only for debug, not
> > > because of any security need.
> >
> > I don't think it's there for debug. I think that WARN_ON_ONCE() is based
> > on the assumption that the mount properties can't change. IOW, someone
> > must've thought that somehow stable mount properties are guaranteed
> > after may_open() irrespective of how the file was opened. And in that
> > sense they thought they might actually catch a bug.
>
> That would be a neat trick, seeing that there'd never been anything to
> prevent mount -o remount,exec while something is executed on the
noexec, obviously...
next prev parent reply other threads:[~2024-08-05 23:41 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-08-01 12:07 [PATCH] kernel/fs: last check for exec credentials on NOEXEC mount Wojciech Gładysz
2024-08-01 14:07 ` Josef Bacik
2024-08-01 15:15 ` Mateusz Guzik
2024-08-02 15:58 ` Josef Bacik
2024-08-03 6:29 ` Mateusz Guzik
2024-08-05 9:26 ` Christian Brauner
2024-08-05 13:17 ` [PATCH] exec: drop a racy path_noexec check Mateusz Guzik
2024-08-05 15:35 ` Christian Brauner
2024-08-05 20:21 ` Kees Cook
2024-08-05 23:38 ` Al Viro
2024-08-05 23:41 ` Al Viro [this message]
2024-08-06 7:06 ` Christian Brauner
2024-08-02 3:28 ` [PATCH] kernel/fs: last check for exec credentials on NOEXEC mount Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240805234110.GJ5334@ZenIV \
--to=viro@zeniv.linux.org.uk \
--cc=brauner@kernel.org \
--cc=ebiederm@xmission.com \
--cc=jack@suse.cz \
--cc=josef@toxicpanda.com \
--cc=kees@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mjguzik@gmail.com \
--cc=wojciech.gladysz@infogain.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).