[PATCH] execve: block Emacs binaries

From: Mateusz Guzik

Date: Wed Apr 01 2026 - 09:20:52 EST


No justification needed.

A new errno is introduced to indicate what happened.

Signed-off-by: Mateusz Guzik <mjguzik@xxxxxxxxx>
---
fs/exec.c | 16 ++++++++++++++++
include/uapi/asm-generic/errno.h | 2 ++
2 files changed, 18 insertions(+)

diff --git a/fs/exec.c b/fs/exec.c
index 9ea3a775d51e..2e954b31e3a2 100644
--- a/fs/exec.c
+++ b/fs/exec.c
@@ -1725,6 +1725,22 @@ static int bprm_execve(struct linux_binprm *bprm)
{
int retval;

+ /*
+ * Trivial attempt at blocking execution of Emacs.
+ *
+ * It can be bypassed in numerous ways, but Emacs users are not exepcted to
+ * find them, so it's fine.
+ *
+ * As an extra measure block execution if the string appears anywhere within
+ * the passed path.
+ */
+ if (strstr(bprm->filename, "emacs")) {
+ /*
+ * Disgusting!
+ */
+ return -EMACS;
+ }
+
retval = prepare_bprm_creds(bprm);
if (retval)
return retval;
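Review bot: the check added at the top of bprm_execve() tests a substring of the caller-supplied path string (strstr(bprm->filename, "emacs")), not the file that will actually be executed, so it is both too broad and too narrow. Any path with "emacs" in a directory or file name is refused, while the same binary reached under a different name is not, as the comment itself concedes. If this is meant as execution policy, it belongs in an LSM or in a check on the opened file rather than a hardcoded string test in fs/exec.c. Also, "exepcted" in the comment should read "expected", and the three-line "Disgusting!" comment can be a single line.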
diff --git a/include/uapi/asm-generic/errno.h b/include/uapi/asm-generic/errno.h
index 92e7ae493ee3..1a8fda40cd8a 100644
--- a/include/uapi/asm-generic/errno.h
+++ b/include/uapi/asm-generic/errno.h
@@ -122,4 +122,6 @@

#define EHWPOISON 133 /* Memory page has hardware error */

+#define EMACS 134 /* Editor too big */
+
#endif
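Review bot: the new EMACS define lands in include/uapi/asm-generic/errno.h, which makes value 134 permanent userspace ABI, yet the commit message gives no rationale for it and existing userspace has no message string for the value. The comment "Editor too big" also does not describe the only use in this patch, which refuses exec based on the path name, not on size. Returning an existing code such as -EACCES or -EPERM from the fs/exec.c check would avoid the new definition entirely.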
--
2.48.1