Re: TOCTOU-free exec(), chdir(), open() with O_PATH sandbox emulation support?

From: Ⓐlï P☮latel
Date: Mon Aug 26 2024 - 13:07:47 EST


On Thursday, February 22nd, 2024 at 07:41, Bagas Sanjaya <bagasdotme@xxxxxxxxx> wrote:

> Hi,
>
> Ali Polatel alip@xxxxxxxxxxxx opened feature request bug on Bugzilla
> regarding TOCTOU-free sandbox emulation support [1]. He wrote:
[snip]
> Is the feature request viable/realistic?
>
> Thanks.
>
> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=218501

Just close it as ENOTG**GLE. Sorry for the noise¹...

All of these have "safe" workarounds:
1. PTRACE_EVENT_EXEC can work around the inability to emulate exec.
That said, you can TOCTOU scripts (because binfmt) but not ELFs!
Just denylist the interpreters or W^X your FS like a chad or wait
for O_MAYEXEC to happen if you care that much really.
2. Turn O_PATH to O_RDONLY and no one will know (pinky swear). You get to
updoot access times but who cares if the alternative is unsafe?
3. Apparently, chdir is not seen as security critical² so why bother?

> --
> An old man doll... just what I always wanted! - Clara

¹: you cannot cover the sun with a sieve,
gv*sor is a joke: https://mastodon.online/@alip/113028762062293426
²: https://www.openwall.com/lists/oss-security/2024/05/20/1

--  
-Ⓐlïp.

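Editor's worked example, not part of the mail above or of the Bugzilla request: it illustrates the principle behind workaround 2 (take a real O_RDONLY fd rather than an O_PATH one), namely that a supervisor emulating open() can apply its policy to the object it already holds via fstat() instead of to a path name that may change underneath it. The function names, the "regular files only" policy and the /tmp test paths are assumptions made for the illustration.

```c
/*
 * Added illustration (not from the thread): emulating open() on behalf of a
 * sandboxed process without a check-then-use window. The racy pattern checks
 * the path and then opens it; the TOCTOU-free pattern opens first (a real
 * O_RDONLY fd, as the mail suggests instead of O_PATH) and applies policy to
 * the object behind the fd. Names and policy are assumptions for the demo.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy: whatever `path` names can be replaced between lstat() and open(). */
int stat_then_open(const char *path) {
    struct stat st;
    if (lstat(path, &st) < 0 || !S_ISREG(st.st_mode)) {
        errno = EACCES;
        return -1;
    }
    /* race window: `path` may now point at a symlink, device or directory */
    return open(path, O_RDONLY | O_CLOEXEC);
}

/* TOCTOU-free: open first, then verify the object the fd actually refers to. */
int open_then_fstat(const char *path) {
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
    if (fd < 0)
        return -1;              /* ELOOP when the last component is a symlink */
    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        errno = EACCES;         /* assumed policy: regular files only */
        return -1;
    }
    return fd;                  /* this fd can be handed to the sandboxed task */
}

/* Self-check on constructed temp paths; returns 1 when behaviour is as expected. */
int demo_self_check(void) {
    char file[] = "/tmp/toctou-demo-XXXXXX";   /* constructed test file */
    int tfd = mkstemp(file);
    if (tfd < 0)
        return 0;
    close(tfd);

    char link[sizeof file + 8];                  /* constructed symlink to it */
    snprintf(link, sizeof link, "%s.lnk", file);
    if (symlink(file, link) < 0) {
        unlink(file);
        return 0;
    }

    int ok = 1;

    /* a plain regular file is accepted */
    int fd = open_then_fstat(file);
    if (fd < 0) ok = 0; else close(fd);

    /* a symlink is refused at open() time (O_NOFOLLOW), before any use */
    int lfd = open_then_fstat(link);
    if (lfd != -1 || errno != ELOOP) {
        if (lfd >= 0) close(lfd);
        ok = 0;
    }

    /* a directory opens fine but fails the fstat() policy check */
    int dfd = open_then_fstat("/");
    if (dfd != -1) {
        close(dfd);
        ok = 0;
    }

    unlink(link);
    unlink(file);
    return ok;
}

int main(void) {
    printf("open-then-fstat self check: %s\n", demo_self_check() ? "ok" : "FAILED");
    return 0;
}
```

The point of the contrast is where the decision is made: `stat_then_open` decides on a name, `open_then_fstat` decides on an inode it holds, so nothing the sandboxed task (or anyone else) does to the directory tree afterwards changes what was checked. An O_PATH fd would not have given the supervisor a handle it can later read or pass on as the real result of the emulated open; the price, as the mail notes, is the access-time update.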