Re: [PATCH v2 0/5] Add support for O_MAYEXEC

From: Florian Weimer
Date: Fri Sep 06 2019 - 14:57:13 EST

Next message: Pavel Tatashin: "Re: [PATCH v3 08/17] arm64, trans_pgd: make trans_pgd_map_page generic"
Previous message: tip-bot2 for Steve Wahl: "[tip: x86/urgent] x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors"
In reply to: Steve Grubb: "Re: [PATCH v2 0/5] Add support for O_MAYEXEC"
Next in thread: Steve Grubb: "Re: [PATCH v2 0/5] Add support for O_MAYEXEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

* Steve Grubb:

> Now with LD_AUDIT
> $ LD_AUDIT=/home/sgrubb/test/openflags/strip-flags.so.0 strace ./test 2>&1 | grep passwd
> openat(3, "passwd", O_RDONLY) = 4
>
> No O_CLOEXEC flag.

I think you need to explain in detail why you consider this a problem.

With LD_PRELOAD and LD_AUDIT, you can already do anything, including
scanning other loaded objects for a system call instruction and jumping
to that (in case a security module in the kernel performs a PC check to
confer additional privileges).

Thanks,
Florian

Next message: Pavel Tatashin: "Re: [PATCH v3 08/17] arm64, trans_pgd: make trans_pgd_map_page generic"
Previous message: tip-bot2 for Steve Wahl: "[tip: x86/urgent] x86/purgatory: Change compiler flags from -mcmodel=kernel to -mcmodel=large to fix kexec relocation errors"
In reply to: Steve Grubb: "Re: [PATCH v2 0/5] Add support for O_MAYEXEC"
Next in thread: Steve Grubb: "Re: [PATCH v2 0/5] Add support for O_MAYEXEC"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]