Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs
From: Jann Horn
Date: Wed Jan 24 2024 - 15:52:11 EST
On Wed, Jan 24, 2024 at 9:47 PM Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
>
> On Wed, 24 Jan 2024 at 12:15, Kees Cook <keescook@xxxxxxxxxxxx> wrote:
> >
> > Hmpf, and frustratingly Ubuntu (and Debian) still builds with
> > CONFIG_USELIB, even though it was reported[2] to them almost 4 years ago.
>
> Well, we could just remove the __FMODE_EXEC from uselib.
>
> It's kind of wrong anyway.
>
> Unlike a real execve(), where the target executable actually takes
> control and you can't actually control it (except with ptrace, of
> course), 'uselib()' really is just a wrapper around a special mmap.
>
> And you can see it in the "acc_mode" flags: uselib already requires
> MAY_READ for that reason. So you cannot uselib() a non-readable file,
> unlike execve().
>
> So I think just removing __FMODE_EXEC would just do the
> RightThing(tm), and changes nothing for any sane situation.
Sounds like a good idea. That makes this codepath behave more as if
userspace had done the same steps manually...