Re: [ANNOUNCE] Release Digsig 1.3.1: kernel module for run-time authentication of binaries

From: Serge E. Hallyn
Date: Thu Sep 09 2004 - 16:56:58 EST


> Thing is, x86 makes no distinction between r/x so, have you tried mmapping
> with read, then executing (I haven't)?

Yup, clearly that will work on x86. And so obviously DigSig is not
a solution to format and buffer overflows :) Nor, unfortunately, a
solution to code which for whatever reason exploited this behavior.

> This has nothing to do with file permissions aside of read. All you need
> is read permission, then you can mmap(PROT_EXEC) which will kick off the
> check, and do deny_write_access. It's a freeform way to lock writers
> out of any readable file in the system.

No, not "any readable file," because DigSig will not lock non-ELF files.

The attached patch adds a check for execute permission to the file being
mmap'ed. Failing such permission, it will return -EPERM and not lock
the file.

thanks,
-serge
--- digsig.c 2004-09-09 17:43:51.342757952 -0500
+++ digsig.c.noexec 2004-09-09 17:43:43.569939600 -0500
@@ -556,6 +556,11 @@ int dsi_file_mmap(struct file * file, un
goto out_file_no_buf;
}

+ if (!(file->f_dentry->d_inode->i_mode & MAY_EXEC)) {
+ retval = -EPERM;
+ goto out_with_file;
+ }
+
retval = DIGSIG_MODE;

size = elf_ex->e_shnum * sizeof(Elf32_Shdr);
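
Review bot: the added test (i_mode & MAY_EXEC) does not check execute permission in the sense the description gives. MAY_EXEC is a permission-request mask with value 1, so ANDing it with i_mode tests only the lowest mode bit, which is execute for "other". A file that is executable by owner or group only (mode 0750, for example) would be refused with -EPERM, and the outcome does not depend on who the caller is. If the intent is "the file is marked executable at all", test the execute bits explicitly with i_mode & S_IXUGO; if the intent is "this caller may execute the file", ask the VFS permission check with MAY_EXEC instead of reading i_mode directly. It is also worth confirming that out_with_file is the correct exit at this point, since the error path immediately above leaves through out_file_no_buf.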