Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

[Andy Lutomirski]

Andi Kleen wrote:
> On Thu, 3 Jun 2004 14:44:48 +0200
> Ingo Molnar <mingo@xxxxxxx> wrote:
>
>
>
> > - in exec.c, since address-space executability is a security-relevant
> > item, we must clear the personality when we exec a setuid binary. I
> > believe this is also a (small) security robustness fix for current
> > 64-bit architectures.
>
>
> I'm not sure I like that. This means I cannot earily force an i386 uname 
> or 3GB address space on suid programs anymore on x86-64.
>
> While in theory it could be a small security problem I think the utility
> is much greater.
>
> It's hard to see how setting NX could cause a security hole. The program
> may crash, but it is unlikely to be exploitable.

The whole point of NX, though, is that it prevents certain classes of 
exploits.  If a setuid binary is vulnerable to one of these, then Ingo's 
patch "fixes" it.  Your approach breaks that.

I don't like Ingo's fix either, though.  At least it should check 
CAP_PTRACE or some such.  A better fix would be for LSM to pass down a flag 
indicating a change of security context.  I'll throw that in to my 
caps/apply_creds cleanup, in case that ever gets applied.

--Andy


> -Andi

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/