Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps

[Stas Sergeev]

Hi **David, please CC me next time, if possible.

David Wagner wrote:
> Makes sense.  Of course, nothing prevents an attacker from
> introducing malicious loaders, since the loader is an unprivileged
> user-level program.
I think having all the user-writable partitions
noexec actually does prevent an attacker from
introducing a malicious loader, or at least to
invoke it. That's why I think a simple "do not
use noexec whenever it hurts" is a bad option.

> > /filesystem. Think VFAT partition here, where all/
> > /files have execute bits set./
Not strictly related to the topic, but Denis, have
you tried "fmask" option to get rid of this?

> That suggests that the question to Stas should be: Do these programs that
> you're trying to make work count as example of accidental execution of
> binaries on the tmpfs, or are they deliberate execution knowing full well
> that the noexec flag is set and damn the consequences?
This is not at all about executing the *binaries*
on tmpfs, and this is very important. What these
progs need is only to mmap a piece of a shared
memory with the PROT_EXEC permission. Nothing more.
Previously, noexec did not prevent this. Now it does.
What is worse, it prevents this also for MAP_PRIVATE.
This is really something I cannot understand.
The "ro" option doesn't prevent PROT_WRITE for MAP_PRIVATE,
thats the known fact.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/