Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread John Johansen
On 5/19/20 2:17 PM, Kees Cook wrote: > On Tue, May 19, 2020 at 01:42:28PM -0500, Eric W. Biederman wrote: >> Kees Cook writes: >> >>> On Tue, May 19, 2020 at 12:41:27PM -0500, Eric W. Biederman wrote: Kees Cook writes: > and given the LSM hooks, I think the noexec check is too late as we

Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread Kees Cook
On Tue, May 19, 2020 at 01:42:28PM -0500, Eric W. Biederman wrote: > Kees Cook writes: > > > On Tue, May 19, 2020 at 12:41:27PM -0500, Eric W. Biederman wrote: > >> Kees Cook writes: > >> > and given the LSM hooks, I think the noexec check is too late as well. > >> > (This is especially true for

Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread Eric W. Biederman
Kees Cook writes: > On Tue, May 19, 2020 at 12:41:27PM -0500, Eric W. Biederman wrote: >> Kees Cook writes: >> > and given the LSM hooks, I think the noexec check is too late as well. >> > (This is especially true for the coming O_MAYEXEC series, which will >> > absolutely need those tests earli

Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread Kees Cook
On Tue, May 19, 2020 at 12:41:27PM -0500, Eric W. Biederman wrote: > Kees Cook writes: > > and given the LSM hooks, I think the noexec check is too late as well. > > (This is especially true for the coming O_MAYEXEC series, which will > > absolutely need those tests earlier as well[1] -- the permi

Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread Eric W. Biederman
Kees Cook writes: > On Tue, May 19, 2020 at 10:06:32AM -0500, Eric W. Biederman wrote: >> Kees Cook writes: >> >> > Hi, >> > >> > While looking at the code paths for the proposed O_MAYEXEC flag, I saw >> > some things that looked like they should be fixed up. >> > >> > exec: Change uselib(2)

Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread Kees Cook
On Tue, May 19, 2020 at 10:06:32AM -0500, Eric W. Biederman wrote: > Kees Cook writes: > > > Hi, > > > > While looking at the code paths for the proposed O_MAYEXEC flag, I saw > > some things that looked like they should be fixed up. > > > > exec: Change uselib(2) IS_SREG() failure to EACCES >

Re: [PATCH 0/4] Relocate execve() sanity checks

2020-05-19 Thread Eric W. Biederman
Kees Cook writes: > Hi, > > While looking at the code paths for the proposed O_MAYEXEC flag, I saw > some things that looked like they should be fixed up. > > exec: Change uselib(2) IS_SREG() failure to EACCES > This just regularizes the return code on uselib(2). > > exec: Relocate S_IS

[PATCH 0/4] Relocate execve() sanity checks

2020-05-17 Thread Kees Cook
Hi, While looking at the code paths for the proposed O_MAYEXEC flag, I saw some things that looked like they should be fixed up. exec: Change uselib(2) IS_SREG() failure to EACCES This just regularizes the return code on uselib(2). exec: Relocate S_ISREG() check This moves th