Re: [PATCH] exec: drop a racy path_noexec check

From: Al Viro
Date: Mon Aug 05 2024 - 19:38:19 EST

Next message: longli: "[PATCH net] net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings"
Previous message: Ian Rogers: "Re: [RFC PATCH v18 0/8] TPEBS counting mode support"
In reply to: Kees Cook: "Re: [PATCH] exec: drop a racy path_noexec check"
Next in thread: Al Viro: "Re: [PATCH] exec: drop a racy path_noexec check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Aug 05, 2024 at 05:35:35PM +0200, Christian Brauner wrote:
> > To my reading that path_noexec is still there only for debug, not
> > because of any security need.
>
> I don't think it's there for debug. I think that WARN_ON_ONCE() is based
> on the assumption that the mount properties can't change. IOW, someone
> must've thought that somehow stable mount properties are guaranteed
> after may_open() irrespective of how the file was opened. And in that
> sense they thought they might actually catch a bug.

That would be a neat trick, seeing that there'd never been anything to
prevent mount -o remount,exec while something is executed on the
filesystem in question.

> But having it in there isn't wrong. In procfs permission/eligibility
> checks often are checked as close to the open as possible. Worst case
> it's something similar here. But it's certainly wrong to splat about it.

Bury it.

Next message: longli: "[PATCH net] net: mana: Fix doorbell out of order violation and avoid unnecessary doorbell rings"
Previous message: Ian Rogers: "Re: [RFC PATCH v18 0/8] TPEBS counting mode support"
In reply to: Kees Cook: "Re: [PATCH] exec: drop a racy path_noexec check"
Next in thread: Al Viro: "Re: [PATCH] exec: drop a racy path_noexec check"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]