[PATCH 3/3] binfmt_elf: Do not allow exec() if signed binary has intepreter

[Vivek Goyal]

Do not allow execution if signed binary has interpreter. We don't have
a way to verify the signature of libraries interpreter can map. So do not
allow exec() of such binary.

Currently this signing process works only for statically linked binaries.

Well it does not prevent an application to use dlopen(). In that case,
these binaries should not be signed.

If a method to verify signature of shared libraries comes along, then
I think we can verify the signature of interpreter and allow launching
interpreter.

Signed-off-by: Vivek Goyal <vgoyal@xxxxxxxxxx>
---
 fs/binfmt_elf.c |   10 ++++++++++
 1 files changed, 10 insertions(+), 0 deletions(-)

diff --git a/fs/binfmt_elf.c b/fs/binfmt_elf.c
index 80da13c..d2fcb47 100644
--- a/fs/binfmt_elf.c
+++ b/fs/binfmt_elf.c
@@ -1170,6 +1170,16 @@ static int load_elf_binary(struct linux_binprm *bprm)
 		goto out_free_dentry;
 	}
 
+	/*
+	 * Signed binary. If there is an interpreter specified, deny
+	 * execution
+	 */
+	if (esd && elf_interpreter) {
+		retval = -EINVAL;
+		send_sig(SIGKILL, current, 0);
+		goto out_free_dentry;
+	}
+
 	/* Now we do a little grungy work by mmapping the ELF image into
 	   the correct location in memory. */
 	for(i = 0, elf_ppnt = elf_phdata;
-- 
1.7.7.6

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/