Re: [patch] honour MNT_NOEXEC for access()

From: Jeremy Fitzhardinge
Date: Sat Oct 07 2006 - 20:30:44 EST

Next message: Steven Rostedt: "Re: [PATCH] Fix WARN_ON / WARN_ON_ONCE regression"
Previous message: Jeremy Fitzhardinge: "Re: Really good idea to allow mmap(0, FIXED)?"
In reply to: Stas Sergeev: "Re: [patch] honour MNT_NOEXEC for access()"
Next in thread: Jesper Juhl: "Re: [patch] honour MNT_NOEXEC for access()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stas Sergeev wrote:

Even though the access(X_OK) is mostly not needed
as the execve() would fail anyway, this is not the
case for ld.so. I think it would be a good idea for
ld.so to start using the access(R_OK | X_OK) before
open().

Not really. If you want to do something along those lines it would be better to add a new open flag called something like O_RDEXONLY which would require r-x effective file permissions, and allow PROT_READ|PROT_EXEC mmaps (though for that to be really useful, you'd need to make an O_RDONLY fd not allow PROT_EXEC mmaps, which would break a few things).

access() is just plain racy, and can't be used safely for any kind of permission/security check.

J
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Steven Rostedt: "Re: [PATCH] Fix WARN_ON / WARN_ON_ONCE regression"
Previous message: Jeremy Fitzhardinge: "Re: Really good idea to allow mmap(0, FIXED)?"
In reply to: Stas Sergeev: "Re: [patch] honour MNT_NOEXEC for access()"
Next in thread: Jesper Juhl: "Re: [patch] honour MNT_NOEXEC for access()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]