Re: [patch] honour MNT_NOEXEC for access()

From: Jesper Juhl
Date: Sun Oct 08 2006 - 06:40:04 EST


On 08/10/06, Jeremy Fitzhardinge <jeremy@xxxxxxxx> wrote:
[snip]
> Also, I guess there's the general question of what the noexec mount flag
> really means? Does it mean "make the execve syscall fail", or does it
> mean "no bits on this filesystem may be interpreted as instructions".
> The former is simple to implement, but probably not very useful; the
> latter is not possible to implement in general.


As I see it, what we can reasonably do with 'noexec' is
- make execve() fail.
- make access(), faccessat() return EACCES for files stored on
'noexec' filesystems.
- make mmap(...PROT_EXEC...) fail for files stored on 'noexec' filesystems.

For things like /dev/shm we can additionally let 'noexec' mean "don't
allow executable shared memory".

Since we can't really prevent things like perl/php/bash/tcl/whatever
scripts from being executed/interpreted from there with this
mechanism, let's not worry about that. Leave that for things like
SELinux to deal with.

I don't think we can do much more with 'noexec'.


--
Jesper Juhl <jesper.juhl@xxxxxxxxx>
Don't top-post http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please http://www.expita.com/nomime.html
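
The access() and mmap() checks listed in the message above, as an added example (not code from this thread or from the patch under discussion): a small Linux C probe that reports whether a mount carries the noexec flag and what access(X_OK) and mmap(PROT_EXEC) return for a file on it. The names noexec_probe, probe_noexec and probe_noexec_in_dir and the /tmp default are assumptions of this example; execve() is not exercised.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8 /* Linux value; glibc hides the name without _GNU_SOURCE */
#endif
/* mount_noexec: 1 if the mount is noexec; *_errno: 0 on success, else errno */
struct noexec_probe { int mount_noexec, access_errno, mmap_errno; };

/* Probe an existing, non-empty file; returns 0 if the probe itself ran. */
int probe_noexec(const char *path, struct noexec_probe *r)
{
    struct statvfs vfs;
    if (statvfs(path, &vfs) != 0) return -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    r->mount_noexec = (vfs.f_flag & ST_NOEXEC) != 0;
    r->access_errno = access(path, X_OK) == 0 ? 0 : errno;
    void *p = mmap(NULL, 1, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    r->mmap_errno = p == MAP_FAILED ? errno : 0;
    if (p != MAP_FAILED) munmap(p, 1);
    close(fd);
    return 0;
}

/* Constructed sample input: a mode-0755 script created in dir, then removed. */
int probe_noexec_in_dir(const char *dir, struct noexec_probe *r)
{
    char path[4096];
    snprintf(path, sizeof path, "%s/noexec-probe-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    int ok = write(fd, "#!/bin/sh\nexit 0\n", 17) == 17 && fchmod(fd, 0755) == 0;
    close(fd);
    int rc = ok ? probe_noexec(path, r) : -1;
    unlink(path);
    return rc;
}

int main(int argc, char **argv)
{
    struct noexec_probe r;
    if (probe_noexec_in_dir(argc > 1 ? argv[1] : "/tmp", &r) != 0) return 2;
    printf("noexec=%d access=%d mmap=%d\n", r.mount_noexec, r.access_errno, r.mmap_errno);
    return r.mount_noexec && (r.access_errno == 0 || r.mmap_errno == 0);
}
```

Pass a directory on the mount to check as the first argument; exit status 1 means the mount is flagged noexec but access() or mmap() still succeeded for an executable-mode file on it.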