From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Eric W. Biederman" Subject: [PATCH review 09/13] ipc/mqueue: The mqueue filesystem should never contain executables Date: Mon, 20 Jun 2016 12:21:26 -0500 Message-ID: <20160620172130.15712-9-ebiederm@xmission.com> References: <87fus77pns.fsf@x220.int.ebiederm.org> <20160620172130.15712-1-ebiederm@xmission.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: <20160620172130.15712-1-ebiederm-aS9lmoZGLiVWk0Htik3J/w@public.gmane.org> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org Errors-To: containers-bounces-cunTk1MwBs9QetFLy7KEm3xJsTq8ys+cHZ5vskTnxNA@public.gmane.org To: Linux Containers Cc: Miklos Szeredi , Andy Lutomirski , James Bottomley , Seth Forshee , linux-fsdevel-u79uwXL29TY76Z2rM5mHXA@public.gmane.org, Djalal Harouni List-Id: containers.vger.kernel.org Set SB_I_NOEXEC on mqueuefs to ensure small implementation mistakes do not result in executable on mqueuefs by accident. Acked-by: Seth Forshee Signed-off-by: "Eric W. Biederman" --- ipc/mqueue.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 60d97082f4dc..5bdd50de7d05 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -307,6 +307,7 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent) struct inode *inode; struct ipc_namespace *ns = sb->s_fs_info; + sb->s_iflags |= SB_I_NOEXEC; sb->s_blocksize = PAGE_SIZE; sb->s_blocksize_bits = PAGE_SHIFT; sb->s_magic = MQUEUE_MAGIC; -- 2.8.3 From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from out02.mta.xmission.com ([166.70.13.232]:40761 "EHLO out02.mta.xmission.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1756275AbcFTScr (ORCPT ); Mon, 20 Jun 2016 14:32:47 -0400 
From: "Eric W. Biederman" To: Linux Containers Cc: linux-fsdevel@vger.kernel.org, Miklos Szeredi , James Bottomley , Djalal Harouni , Seth Forshee , "Serge E. Hallyn" , Andy Lutomirski Date: Mon, 20 Jun 2016 12:21:26 -0500 Message-Id: <20160620172130.15712-9-ebiederm@xmission.com> In-Reply-To: <20160620172130.15712-1-ebiederm@xmission.com> References: <87fus77pns.fsf@x220.int.ebiederm.org> <20160620172130.15712-1-ebiederm@xmission.com> Subject: [PATCH review 09/13] ipc/mqueue: The mqueue filesystem should never contain executables Sender: linux-fsdevel-owner@vger.kernel.org List-ID: Set SB_I_NOEXEC on mqueuefs to ensure small implementation mistakes do not result in executable on mqueuefs by accident. Acked-by: Seth Forshee Signed-off-by: "Eric W. Biederman" --- ipc/mqueue.c | 1 + 1 file changed, 1 insertion(+) diff --git a/ipc/mqueue.c b/ipc/mqueue.c index 60d97082f4dc..5bdd50de7d05 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -307,6 +307,7 @@ static int mqueue_fill_super(struct super_block *sb, void *data, int silent) struct inode *inode; struct ipc_namespace *ns = sb->s_fs_info; + sb->s_iflags |= SB_I_NOEXEC; sb->s_blocksize = PAGE_SIZE; sb->s_blocksize_bits = PAGE_SHIFT; sb->s_magic = MQUEUE_MAGIC; -- 2.8.3
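Review bot: The added `sb->s_iflags |= SB_I_NOEXEC;` at the top of mqueue_fill_super() carries no comment, and neither the hunk nor the changelog says where SB_I_NOEXEC is defined or which code path enforces it. The diffstat shows this patch touches only ipc/mqueue.c, so the flag has to come from another patch; the commit message should name that dependency so this change is not applied or backported on its own. A one-line comment above the assignment, saying that mqueue inodes are message queues and must never be executed, would make clear that the flag is a deliberate defense-in-depth setting and keep it from being dropped later as redundant. The changelog phrase "do not result in executable on mqueuefs" would also read better as "executables".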