Re: [PATCH] memfd: deny writeable mappings when implying SEAL_WRITE

From: Pasha Tatashin

Date: Tue May 05 2026 - 11:58:16 EST


On 05-05 15:37, Pasha Tatashin wrote:
>
> On Tue, 05 May 2026 15:39:20 +0200, Pratyush Yadav wrote:
> > When SEAL_EXEC is added, SEAL_WRITE is implied to make W^X. But the
> > implied seal is set after the check that makes sure the memfd can not
> > have any writable mappings. This means one can use SEAL_EXEC to apply
> > SEAL_WRITE while having writeable mappings.
> >
> > This breaks the contract that SEAL_WRITE provides and can be used by an
> > attacker to pass a memfd that appears to be write sealed but can still
> > be modified arbitrarily.
> >
> > [...]
>
> Applied, thanks!
>
> [1/1] memfd: deny writeable mappings when implying SEAL_WRITE
> commit: 73f496662a9848021e75742a69a3239ea850c3ee

^^^
Please ignore, this should be Applied to MM tree.

Pasha

>
> Best regards,
> --
> Pasha Tatashin <pasha.tatashin@xxxxxxxxxx>
>
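
Added example, not part of this thread and not the applied patch: a simplified userspace C model of the ordering problem the quoted commit message describes, with the check-then-imply order beside the imply-then-check order. The struct, the flag values and the function names are assumptions made for illustration; none of them are the kernel's own code or constants.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed flag values for this model; not the kernel's F_SEAL_* constants. */
enum { SEAL_WRITE = 1u << 0, SEAL_EXEC = 1u << 1 };

/* Hypothetical stand-in for a memfd: seals held plus live writable mappings. */
struct model_memfd { unsigned seals; int writable_maps; };

/* Gate: SEAL_WRITE may only be granted while no writable mapping exists. */
static int deny_writable(const struct model_memfd *f, unsigned seals)
{
    return ((seals & SEAL_WRITE) && f->writable_maps > 0) ? -EBUSY : 0;
}

/* Order from the report: check the requested seals, then add the implied one. */
int add_seals_check_first(struct model_memfd *f, unsigned seals)
{
    int err = deny_writable(f, seals);  /* SEAL_EXEC alone passes the gate */
    if (err) return err;
    if (seals & SEAL_EXEC)
        seals |= SEAL_WRITE;            /* implied after the gate, never checked */
    f->seals |= seals;
    return 0;
}

/* Reordered: expand implied seals first so the gate sees the final set. */
int add_seals_imply_first(struct model_memfd *f, unsigned seals)
{
    if (seals & SEAL_EXEC)
        seals |= SEAL_WRITE;
    int err = deny_writable(f, seals);
    if (err) return err;
    f->seals |= seals;
    return 0;
}

/* Invariant a receiver relies on: write-sealed means no writable mapping. */
int seal_contract_holds(const struct model_memfd *f)
{
    return !(f->seals & SEAL_WRITE) || f->writable_maps == 0;
}

int main(void)
{
    struct model_memfd a = { 0, 1 }, b = { 0, 1 };  /* one writable mapping each */
    int ra = add_seals_check_first(&a, SEAL_EXEC), rb = add_seals_imply_first(&b, SEAL_EXEC);
    printf("check-first: ret=%d contract_holds=%d\n", ra, seal_contract_holds(&a));
    printf("imply-first: ret=%d contract_holds=%d\n", rb, seal_contract_holds(&b));
    return 0;
}
```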