Re: TOCTOU-free exec(), chdir(), open() with O_PATH sandbox emulation support?

From: Ⓐlï P☮latel
Date: Mon Aug 26 2024 - 13:07:47 EST

Next message: Conor Dooley: "Re: [PATCH 02/16] dt-bindings: soc: renesas: renesas,rzg2l-sysc: Add #reset-cells for RZ/G3S"
Previous message: Rob Herring: "Re: (subset) [PATCH 0/3] ThinkPad T14s Gen 6 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thursday, February 22nd, 2024 at 07:41, Bagas Sanjaya <bagasdotme@xxxxxxxxx> wrote:

> Hi,
>

> Ali Polatel alip@xxxxxxxxxxxx opened feature request bug on Bugzilla
>

> regarding TOCTOU-free sandbox emulation support [1]. He wrote:
[snip]
> Is the feature request viable/realistic?
>

> Thanks.
>

> [1]: https://bugzilla.kernel.org/show_bug.cgi?id=218501

Just close it as ENOTG**GLE. Sorry for the noise¹...

All of these have "safe" workarounds:
1. PTRACE_EVENT_EXEC can workaround the inability to emulate exec.
That said, you can TOCTOU scripts (because binfmt) but not ELFs!
Just denylist the interpreters or W^X your FS like a chad or wait
for O_MAYEXEC to happen if you care that much really.
2. Turn O_PATH to O_RDONLY and noone will know (pinky swear). You get to
updoot access times but who cares if the alternative is unsafe?
3. Apparently, chdir is not seen as security critical² so why bother?

> --
> An old man doll... just what I always wanted! - Clara

¹: you cannot cover the sun with a sieve,
gv*sor is a joke: https://mastodon.online/@alip/113028762062293426
²: https://www.openwall.com/lists/oss-security/2024/05/20/1

--
-Ⓐlïp.

Attachment: publickey - alip@chesswob.org - 0x55838BF3.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature

Next message: Conor Dooley: "Re: [PATCH 02/16] dt-bindings: soc: renesas: renesas,rzg2l-sysc: Add #reset-cells for RZ/G3S"
Previous message: Rob Herring: "Re: (subset) [PATCH 0/3] ThinkPad T14s Gen 6 support"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]