Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S942753AbcJ0O2p (ORCPT ); Thu, 27 Oct 2016 10:28:45 -0400 Received: from emsm-gh1-uea10.nsa.gov ([8.44.101.8]:26139 "EHLO emsm-gh1-uea10.nsa.gov" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S942654AbcJ0O2k (ORCPT ); Thu, 27 Oct 2016 10:28:40 -0400 X-IronPort-AV: E=Sophos;i="5.31,404,1473120000"; d="scan'208";a="322059" IronPort-PHdr: =?us-ascii?q?9a23=3AjBSyXBym2lS2m3jXCy+O+j09IxM/srCxBDY+r6Qd?= =?us-ascii?q?1esSIJqq85mqBkHD//Il1AaPBtSBra0dwLaI+4nbGkU4qa6bt34DdJEeHzQksu?= =?us-ascii?q?4x2zIaPcieFEfgJ+TrZSFpVO5LVVti4m3peRMNQJW2WVTerzWI4CIIHV2nbEwu?= =?us-ascii?q?d76zRdeZ05r//tvx0qWbWx9Piju5bOE6BzSNhiKViPMrh5B/IL060BrDrygAUe?= =?us-ascii?q?1XwWR1OQDbxE6ktY+YtaRu+CVIuv8n69UIEeCjJ/x5HoFCCHwaF0x9pIix7ViQ?= =?us-ascii?q?BTeIs0cbSmRetxtFHxTE6hz8FsPttSrlsfZ63gGVOMT3SfY/XjH0q+9TQQLswA?= =?us-ascii?q?IAMCQ0uDXPg9F0pLpSvRbkoht42YOSa4aQYr42U7ncdpsiTHBARY4FWjRIGIKn?= =?us-ascii?q?R5MGFesaJeJRpIS7oEEB+1/2JwCpCfin7zhSnH7tlfk42uEsCkfCmgknBcgPq1?= =?us-ascii?q?zTttz+MKpUWuewmu2Ahw7OdfxbkRq7oKjBdhQwp7vECal9a8Xc4UkmEwfUiBOb?= =?us-ascii?q?romze3vf0+MBvnKS8+dsHeaukHJ1kCxVgx6S9o8Xp6L0vKMp+xjh0glE5Kt/bY?= =?us-ascii?q?mjRUp6Z8O0OIdBvCGdcY1tS4UtRH8+/G5wzaULv9a/fTMWmq8K7CPlSsC2O7O1?= =?us-ascii?q?yCnSb9q8BH0w0HZkfq+vwg2/+lW6y/HtE8yz3EtOowJbndTW8HMAzRre7o6AUP?= =?us-ascii?q?Qrug+mwTuJnwTS8f0MdUQ1k7fLbp0s2Lg9krINvknZWCz7gkP7iOmRbEpyqcay?= =?us-ascii?q?7OGyWanrvp+RMcdPjwj6Nqk/0pikDf8QLhkFX2/d//+1krLk4xuqE/1xkvQqn/?= =?us-ascii?q?yB49jhLsMBq/v8WlUN3w=3D=3D?= X-IPAS-Result: =?us-ascii?q?A2EoEQC0+RFY/wHyM5BcGwEBAQMBAQEJAQEBFQEBAQECAQE?= =?us-ascii?q?BAQgBAQEBgn8BAQEBAR2BAqNlAQEBBoEblkaGIgKCBFMBAQEBAQEBAQIBAl8oQ?= =?us-ascii?q?hIBgV4EARUBBIIRAQEEI2YLDQEKAgImAgJXBgEMCAEBiFCyZ4x5AQEBBwEBAQE?= =?us-ascii?q?jgQeEa4JIgliHS4JbBZoWkCKKCYV7SYxChAFUUQYIgxscgW4ihTyCDYFKAQEB?= Subject: Re: selinux: should execmem disable shmat(..., SHM_EXEC)? To: Topi Miettinen , Paul Moore , Eric Paris , James Morris , "Serge E. Hallyn" , "moderated list:SELINUX SECURITY MODULE" , "open list:SECURITY SUBSYSTEM" , open list References: <3f453e5e-e70c-f00d-9b5b-f09addd04ada@gmail.com> From: Stephen Smalley Organization: National Security Agency Message-ID: <732d3c0d-a7d1-22b3-d468-b0d399ba56ff@tycho.nsa.gov> Date: Thu, 27 Oct 2016 09:01:35 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0 MIME-Version: 1.0 In-Reply-To: <3f453e5e-e70c-f00d-9b5b-f09addd04ada@gmail.com> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1085 Lines: 34 On 10/26/2016 04:31 PM, Topi Miettinen wrote: > Hi, > > Maybe this is a stupid question and I didn't test this with SELinux, but > it looks to me that SELinux execmem does not prevent process from > getting writable and executable memory mappings by using shmat(..., > SHM_EXEC). Shouldn't this be blocked by execmem, I suppose it is there > to prevent this kind of memory access? > > Here's a test program: > #include > #include > > int main(void) { > int shmid; > char *execmem; > void (*fn)(void); > > shmid = shmget(IPC_PRIVATE, 4096, IPC_CREAT | 0777); > execmem = shmat(shmid, 0, SHM_EXEC); > shmctl(shmid, IPC_RMID, 0); > *execmem = 0xc3; // retq > fn = (void (*)(void))execmem; > fn(); > shmdt(execmem); > } > > -Topi > The test program fails with a seg fault and a SELinux avc denial for execmem permission when run in a domain that lacks execmem permission. Thanks though for the test; I'll add it to the selinux testsuite to ensure we don't regress in this area.