Date: Fri, 15 Mar 2024 20:24:27 -0700
From: Kees Cook
To: Paul Moore, Christian Göttsche
CC: linux-security-module@vger.kernel.org, Eric Biederman, Kees Cook, Alexander Viro, Christian Brauner, Jan Kara, James Morris, "Serge E. Hallyn", Khadija Kamran, Andrii Nakryiko, Casey Schaufler, Alexei Starovoitov, Ondrej Mosnacek, Roberto Sassu, Alfred Piccioni, John Johansen, linux-mm@kvack.org, linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org
Subject: Re: [RFC PATCH 1/2] lsm: introduce new hook security_vm_execstack
Message-ID: <5368DC74-41CF-4450-AF6F-FFB51EFCCF99@kernel.org>
References: <20240315181032.645161-1-cgzones@googlemail.com> <20240315181032.645161-2-cgzones@googlemail.com>

On March 15, 2024 1:22:39 PM PDT, Paul Moore wrote:
>On Fri, Mar 15, 2024 at 2:10 PM Christian Göttsche
> wrote:
>>
>> Add a new hook guarding instantiations of programs with executable
>> stack. They are being warned about since commit 47a2ebb7f505 ("execve:
>> warn if process starts with executable stack"). Let's give LSMs the
>> ability to control their presence on a per application basis.
>>
>> Signed-off-by: Christian Göttsche
>> ---
>>  fs/exec.c                     |  4 ++++
>>  include/linux/lsm_hook_defs.h |  1 +
>>  include/linux/security.h      |  6 ++++++
>>  security/security.c           | 13 +++++++++++++
>>  4 files changed, 24 insertions(+)
>
>Looking at the commit referenced above, I'm guessing the existing
>security_file_mprotect() hook doesn't catch this?
>
>> diff --git a/fs/exec.c b/fs/exec.c
>> index 8cdd5b2dd09c..e6f9e980c6b1 100644
>> --- a/fs/exec.c
>> +++ b/fs/exec.c
>> @@ -829,6 +829,10 @@ int setup_arg_pages(struct linux_binprm *bprm,
>>  	BUG_ON(prev != vma);
>>
>>  	if (unlikely(vm_flags & VM_EXEC)) {
>> +		ret = security_vm_execstack();
>> +		if (ret)
>> +			goto out_unlock;
>> +
>>  		pr_warn_once("process '%pD4' started with executable stack\n",
>>  			     bprm->file);
>>  	}
>
>Instead of creating a new LSM hook, have you considered calling the
>existing security_file_mprotect() hook?  The existing LSM controls
>there may not be a great fit in this case, but I'd like to hear if
>you've tried that, and if you have, what made you decide a new hook
>was the better option?

Also, can't MDWE handle this already?

https://git.kernel.org/linus/b507808ebce23561d4ff8c2aa1fb949fe402bc61

-Kees

-- 
Kees Cook
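Review bot: in the setup_arg_pages() hunk in fs/exec.c, security_vm_execstack() is called with no arguments even though the commit message promises per-application control; bprm is in scope here (the pr_warn_once() just below already uses bprm->file), so passing bprm to the hook would let an LSM key its decision on the binary being executed instead of only on whatever it can infer from current. The denial path also returns via out_unlock before pr_warn_once() runs, so a refused exec leaves no kernel diagnostic unless the LSM logs one itself; worth a sentence in the commit message either way, along with the reasoning for not reusing security_file_mprotect() or MDWE that the replies ask about.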