From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-3.8 required=3.0 tests=HEADER_FROM_DIFFERENT_DOMAINS, MAILING_LIST_MULTI,SIGNED_OFF_BY,SPF_HELO_NONE,SPF_PASS autolearn=no autolearn_force=no version=3.4.0 Received: from mail.kernel.org (mail.kernel.org [198.145.29.99]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9E5C4C4724C for ; Fri, 1 May 2020 14:18:04 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by mail.kernel.org (Postfix) with ESMTP id 83857208DB for ; Fri, 1 May 2020 14:18:04 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729483AbgEAOSD (ORCPT ); Fri, 1 May 2020 10:18:03 -0400 Received: from smtp-190c.mail.infomaniak.ch ([185.125.25.12]:50817 "EHLO smtp-190c.mail.infomaniak.ch" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729038AbgEAOSD (ORCPT ); Fri, 1 May 2020 10:18:03 -0400 Received: from smtp-2-0001.mail.infomaniak.ch (unknown [10.5.36.108]) by smtp-3-3000.mail.infomaniak.ch (Postfix) with ESMTPS id 49DDqS3rYhzlhNh9; Fri, 1 May 2020 16:17:56 +0200 (CEST) Received: from ns3096276.ip-94-23-54.eu (unknown [94.23.54.103]) by smtp-2-0001.mail.infomaniak.ch (Postfix) with ESMTPA id 49DDqR24jbzlrVLQ; Fri, 1 May 2020 16:17:55 +0200 (CEST) Subject: Re: [PATCH v3 2/5] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property To: James Morris Cc: linux-kernel@vger.kernel.org, Aleksa Sarai , Alexei Starovoitov , Al Viro , Andy Lutomirski , Christian Heimes , Daniel Borkmann , Deven Bowers , Eric Chiang , Florian Weimer , Jan Kara , Jann Horn , Jonathan Corbet , Kees Cook , Matthew Garrett , Matthew Wilcox , Michael Kerrisk , =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= , Mimi Zohar , =?UTF-8?Q?Philippe_Tr=c3=a9buchet?= , Scott Shell , Sean Christopherson , Shuah Khan , Steve Dower , Steve Grubb , Thibaut Sautereau , Vincent Strubel , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org References: <20200428175129.634352-1-mic@digikod.net> <20200428175129.634352-3-mic@digikod.net> From: =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= Message-ID: Date: Fri, 1 May 2020 16:17:54 +0200 User-Agent: MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=iso-8859-15 Content-Language: en-US Content-Transfer-Encoding: 8bit X-Antivirus: Dr.Web (R) for Unix mail servers drweb plugin ver.6.0.2.8 X-Antivirus-Code: 0x100000 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 01/05/2020 06:02, James Morris wrote: > On Tue, 28 Apr 2020, Mickaël Salaün wrote: > >> An LSM doesn't get path information related to an access request to open >> an inode. This new (internal) MAY_EXECMOUNT flag enables an LSM to >> check if the underlying mount point of an inode is marked as executable. >> This is useful to implement a security policy taking advantage of the >> noexec mount option. >> >> This flag is set according to path_noexec(), which checks if a mount >> point is mounted with MNT_NOEXEC or if the underlying superblock is >> SB_I_NOEXEC. >> >> Signed-off-by: Mickaël Salaün >> Reviewed-by: Philippe Trébuchet >> Reviewed-by: Thibaut Sautereau >> Cc: Aleksa Sarai >> Cc: Al Viro >> Cc: Kees Cook > > Are there any existing LSMs which plan to use this aspect? This commit message was initially for the first version of O_MAYEXEC, which extended Yama. The current enforcement implementation is now directly in the FS subsystem (as requested by Kees Cook). However, this MAY_EXECMOUNT flag is still used by the current FS implementation and it could still be useful for LSMs.