Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

From: Andy Lutomirski
Date: Thu Jun 03 2004 - 18:58:09 EST


Andi Kleen wrote:

The whole point of NX, though, is that it prevents certain classes of exploits. If a setuid binary is vulnerable to one of these, then Ingo's patch "fixes" it. Your approach breaks that.


Good point.

But that only applies to the NX personality bit. For the uname emulation
it is not an issue.

So maybe the dropping on exec should only zero a few selected personality bits, but not all.

True.

I don't like Ingo's fix either, though. At least it should check CAP_PTRACE or some such. A better fix would be for LSM to pass down a flag indicating a change of security context. I'll throw that into my caps/apply_creds cleanup, in case that ever gets applied.


Don't think we should require an LSM module for that. That's far overkill.

I'm not suggesting a new LSM module. I'm suggesting modifying the existing LSM code to handle this cleanly. We already have a function (security_bprm_secureexec) that does something like this, and, in fact, it's probably the right thing to test here.

I'm currently compiling a new patch (modified from my last caps cleanup) that makes a new bitfield for this stuff. I don't know if it's worth applying, but I'll send it off to Andrew once I convince myself it works.

--Andy
