From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
	id S1758505Ab2CHTkS (ORCPT ); Thu, 8 Mar 2012 14:40:18 -0500
Received: from mail-bk0-f46.google.com ([209.85.214.46]:57025 "EHLO
	mail-bk0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
	with ESMTP id S1753151Ab2CHTkO (ORCPT ); Thu, 8 Mar 2012 14:40:14 -0500
Date: Thu, 8 Mar 2012 23:40:08 +0400
From: Cyrill Gorcunov
To: Kees Cook
Cc: Oleg Nesterov , KOSAKI Motohiro , Pavel Emelyanov , Tejun Heo ,
	Andrew Morton , LKML , Andy Lutomirski , Will Drewry
Subject: Re: [RFC] c/r: prctl: Add ability to set new mm_struct::exe_file v3
Message-ID: <20120308194008.GJ21812@moon>
References: <20120308165112.GF21812@moon>
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To:
User-Agent: Mutt/1.5.21 (2010-09-15)
Sender: linux-kernel-owner@vger.kernel.org
List-ID:
X-Mailing-List: linux-kernel@vger.kernel.org

On Thu, Mar 08, 2012 at 11:31:58AM -0800, Kees Cook wrote:
...
> > +       err = -EACCES;
> > +       if (!S_ISREG(dentry->d_inode->i_mode)   ||
> > +           exe_file->f_path.mnt->mnt_flags & MNT_NOEXEC)
> > +               goto exit;
>
> I'm starting to notice that this pattern (testing ISREG and
> MNT_NOEXEC) is getting repeated a few times in the kernel, and at
> least the no-new-privs patch (not yet in -mm but hopefully soon given
> the seccomp_filter work) updates this pattern everywhere. Perhaps this
> should be extracted into a helper first, and then this patch can call
> that helper here? (And then nnp can just update the single helper.)
>

I can do that if Andrew agrees.

	Cyrill
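
Review bot: In the condition after `err = -EACCES;`, the file type is read through `dentry->d_inode` while the mount flags are read through `exe_file->f_path.mnt`; where `dentry` comes from is not in the quoted lines, so unless it is guaranteed to be `exe_file->f_path.dentry`, take both values from `exe_file->f_path` so the two tests cannot end up describing different objects. The quoted lines test only the file type and `MNT_NOEXEC`; if the intent is to accept only what exec itself would accept, no execute-permission check on the inode is visible here, and it would belong next to these two tests, which is a further argument for putting the whole check into the single shared helper proposed in the reply. Parenthesizing the `mnt_flags & MNT_NOEXEC` operand of the `||` would also make the precedence explicit for readers.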