From: Vivek Goyal <vgoyal@redhat.com>
To: linux-kernel@vger.kernel.org
Cc: ebiederm@xmission.com, zohar@linux.vnet.ibm.com,
pjones@redhat.com, hpa@zytor.com, dhowells@redhat.com,
jwboyer@redhat.com, vgoyal@redhat.com
Subject: [PATCH 3/3] binfmt_elf: Do not allow exec() if signed binary has intepreter
Date: Tue, 15 Jan 2013 16:34:55 -0500 [thread overview]
Message-ID: <1358285695-26173-4-git-send-email-vgoyal@redhat.com> (raw)
In-Reply-To: <1358285695-26173-1-git-send-email-vgoyal@redhat.com>
Do not allow execution if signed binary has interpreter. We don't have
a way to verify the signature of libraries interpreter can map. So do not
allow exec() of such binary.
Currently this signing process works only for statically linked binaries.
Well it does not prevent an application to use dlopen(). In that case,
these binaries should not be signed.
If a method to verify signature of shared libraries comes along, then
I think we can verify the signature of interpreter and allow launching
interpreter.
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
---
fs/binfmt_elf.c | 10 ++++++++++
1 files changed, 10 insertions(+), 0 deletions(-)
diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 80da13c..d2fcb47 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1170,6 +1170,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
goto out_free_dentry;
}
+ /*
+ * Signed binary. If there is an interpreter specified, deny
+ * execution
+ */
+ if (esd && elf_interpreter) {
+ retval = -EINVAL;
+ send_sig(SIGKILL, current, 0);
+ goto out_free_dentry;
+ }
+
/* Now we do a little grungy work by mmapping the ELF image into
the correct location in memory. */
for(i = 0, elf_ppnt = elf_phdata;
--
1.7.7.6
next prev parent reply other threads:[~2013-01-15 21:35 UTC|newest]
Thread overview: 62+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-01-15 21:34 [PATCH 0/3] ELF executable signing and verification Vivek Goyal
2013-01-15 21:34 ` [PATCH 1/3] module: export couple of functions for use in process signature verification Vivek Goyal
2013-01-15 21:34 ` [PATCH 2/3] binfmt_elf: Verify signature of signed elf binary Vivek Goyal
2013-01-16 4:30 ` Eric W. Biederman
2013-01-16 4:55 ` Mimi Zohar
2013-01-16 7:10 ` Eric W. Biederman
2013-01-16 14:00 ` Mimi Zohar
2013-01-16 14:48 ` Vivek Goyal
2013-01-16 15:33 ` Mimi Zohar
2013-01-16 15:54 ` Vivek Goyal
2013-01-16 17:24 ` Mimi Zohar
2013-01-16 18:21 ` Vivek Goyal
2013-01-16 18:45 ` Mimi Zohar
2013-01-16 18:57 ` Vivek Goyal
2013-01-16 19:37 ` Mimi Zohar
2013-01-16 19:47 ` Vivek Goyal
2013-01-16 20:25 ` Mimi Zohar
2013-01-16 21:55 ` Vivek Goyal
2013-01-17 8:37 ` Elena Reshetova
2013-01-17 14:39 ` Kasatkin, Dmitry
2013-01-17 14:35 ` Kasatkin, Dmitry
2013-01-16 16:34 ` Vivek Goyal
2013-01-16 18:08 ` Mimi Zohar
2013-01-16 18:28 ` Vivek Goyal
2013-01-16 19:24 ` Mimi Zohar
2013-01-16 21:53 ` Vivek Goyal
2013-01-17 14:58 ` Kasatkin, Dmitry
2013-01-17 15:06 ` Kasatkin, Dmitry
2013-01-17 15:21 ` Vivek Goyal
2013-01-17 15:18 ` Vivek Goyal
2013-01-17 16:27 ` Kasatkin, Dmitry
2013-01-17 20:33 ` Frank Ch. Eigler
2013-01-17 20:55 ` Vivek Goyal
2013-01-17 21:46 ` Kasatkin, Dmitry
2013-01-17 21:52 ` Vivek Goyal
2013-01-20 16:36 ` Mimi Zohar
2013-01-21 16:42 ` Vivek Goyal
2013-01-21 18:30 ` Mimi Zohar
2013-01-16 22:35 ` Mimi Zohar
2013-01-16 22:51 ` Vivek Goyal
2013-01-16 23:16 ` Eric W. Biederman
2013-01-17 15:37 ` Mimi Zohar
2013-01-17 15:51 ` Vivek Goyal
2013-01-17 16:32 ` Mimi Zohar
2013-01-17 17:01 ` Kasatkin, Dmitry
2013-01-17 17:03 ` Kasatkin, Dmitry
2013-01-17 17:42 ` Vivek Goyal
2013-01-17 17:36 ` Vivek Goyal
2013-01-20 17:20 ` Mimi Zohar
2013-01-21 15:45 ` Vivek Goyal
2013-01-21 18:44 ` Mimi Zohar
2013-01-20 16:17 ` H. Peter Anvin
2013-01-20 16:55 ` Mimi Zohar
2013-01-20 17:00 ` H. Peter Anvin
2013-01-15 21:34 ` Vivek Goyal [this message]
2013-01-15 21:37 ` [PATCH 4/3] User space utility "signelf" to sign elf executable Vivek Goyal
2013-01-15 22:27 ` [PATCH 0/3] ELF executable signing and verification richard -rw- weinberger
2013-01-15 23:15 ` Vivek Goyal
2013-01-15 23:17 ` richard -rw- weinberger
2013-01-17 16:22 ` Kasatkin, Dmitry
2013-01-17 17:25 ` Vivek Goyal
2013-01-22 4:22 ` Rusty Russell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1358285695-26173-4-git-send-email-vgoyal@redhat.com \
--to=vgoyal@redhat.com \
--cc=dhowells@redhat.com \
--cc=ebiederm@xmission.com \
--cc=hpa@zytor.com \
--cc=jwboyer@redhat.com \
--cc=linux-kernel@vger.kernel.org \
--cc=pjones@redhat.com \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).