On Fri, Mar 9, 2018 at 10:50 AM, Linus Torvalds <torva...@linux-foundation.org> wrote: > On Fri, Mar 9, 2018 at 10:43 AM, Kees Cook <keesc...@chromium.org> wrote: >> >> Module loading (via kernel_read_file()) already uses >> deny_write_access(), and so does do_open_execat(). As long as module >> loading doesn't call allow_write_access() before the execve() has >> started in the new implementation, I think we'd be covered here. > > No. kernel_read_file() only does it *during* the read.
Ah, true. And looking at this again, shouldn't deny_write_access() happen _before_ the LSM check in kernel_read_file()? That looks like a problem... -Kees -- Kees Cook Pixel Security