Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

From: Andy Lutomirski
Date: Thu Jun 03 2004 - 19:14:17 EST


Andy Lutomirski wrote:

I don't like Ingo's fix either, though. At least it should check CAP_PTRACE or some such. A better fix would be for LSM to pass down a flag indicating a change of security context. I'll throw that in to my caps/apply_creds cleanup, in case that ever gets applied.



Don't think we should require an LSM module for that. That's far overkill.


I'm not suggesting a new LSM module. I'm suggesting modifying the existing LSM code to handle this cleanly. We already have a function (security_bprm_secureexec) that does something like this, and, in fact, it's probably the right thing to test here.

... or not.

secureexec will return true even if you have whatever cap you want the user to have for this to work.

What use to you see for having this flag survive setuid? The only (safe) use I can see is for debugging, in which case just copying the binary and running it non-setuid should be OK.

In this case, then secureexec is a better test than setuid-ness because of LSMs (like SELinux) in which case setuid is not the only way that security can be elevated.

--Andy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/