Received: by 10.223.185.111 with SMTP id b44csp635809wrg; Fri, 9 Mar 2018 10:44:46 -0800 (PST) X-Google-Smtp-Source: AG47ELtuw3PjZkkJQXXhyi52/NsmsfCNxnTMTvJFqOI0QoTHGkzZOjdm5+8b9N2woWgdBe0B+D5B X-Received: by 10.98.165.4 with SMTP id v4mr26216663pfm.51.1520621086610; Fri, 09 Mar 2018 10:44:46 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1520621086; cv=none; d=google.com; s=arc-20160816; b=cY00aL9Mcgd4QwsKgHV1rmdL7nyzAsjt8Kw3/hVHdSvZRITIpmfHLjnMTDmN1GWFmt o9GQH+pSq6oLM5u+OQDgDrb4j5eJELHQmwc9+dU7k23HyAHx2811f49Nt59UDht39DXx J0mRAFlkjGN4yrbyFwzeatut5tG07XJRysnaxPI8Y51TyHAwAKrBjucvETZxUyPB4LSc gqtLK7nK7dGV/bu00jnBvxzWDnsUXWrhpcoIjZSKX1J/OV84lpeWc1771NmD5X/z8RxU ktFLRHP6OY2CtSPWAEGOBUPTohUgSy6I/GXpKNXJmKQGvfMmPrgiZrcXUqMGKFD6wMJC 3lrg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature:dkim-signature :arc-authentication-results; bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=; b=G5d1nah+LJ3iX64q4vE2WhuIn4BMOWr27Y1xF+EPYRWCV5SZ9q+2a9q1JQqzwiPD9d 8pso7A+/f6mGrdeMoPbZ12wt6/ctLeCvfV4Dl+jxBbCExyy/o0LVRXu+UQyWn2ox8ryD jehI+eiaip7R/SLPQvHvzY3Sy3P8TTyT7tvMQK+9ts49VOlocNd2gE23JE0A8TIJQVqx FTS1ey/WC6dxxv1jx2N8fR9kTCtGZ3qhj+YkyOx+/cRUyIuhRbFrpCfH9ojmvArLcOMM t1dS2NkwZvHR4ERUuapl0RkIC9dAnEOb8EzrTw0LQ6O/IRi91rvYywZZ2FBaZE1UqSg8 kifw== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=jUAHfpEl; dkim=fail header.i=@chromium.org header.s=google header.b=cyjFUSm4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id t66si1105888pgc.160.2018.03.09.10.44.31; Fri, 09 Mar 2018 10:44:46 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=fail header.i=@google.com header.s=20161025 header.b=jUAHfpEl; dkim=fail header.i=@chromium.org header.s=google header.b=cyjFUSm4; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932588AbeCISnJ (ORCPT + 99 others); Fri, 9 Mar 2018 13:43:09 -0500 Received: from mail-ua0-f194.google.com ([209.85.217.194]:33701 "EHLO mail-ua0-f194.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932557AbeCISnH (ORCPT ); Fri, 9 Mar 2018 13:43:07 -0500 Received: by mail-ua0-f194.google.com with SMTP id f6so2910799ual.0 for ; Fri, 09 Mar 2018 10:43:06 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20161025; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=; b=jUAHfpElX7ZouaG8Fu41Yhuk5UY/3fl9EZ9RSt/KgpjRu3PxfBVbAXbddmfZgpVzE3 826Eowe/Cm4v37ZjlmcIlWM+zca6lmqXkpntLcOB9uwWhswhZFP/FUZ9B/5EJBI4GJSs Uw0kiXAdZo1sQapedkOPeNBE4r7YZgjA3sEq9QfmnXm2qFHzEwZ31HBREGOb+6yiP/BP KumF9cCWQ836590eO7XD0MdUWkySQuH9a65yU/gS6dBGcIbf4AvHN5X2yodcC8hp7bsH AD2yYzwJ0MPwKFviDUU2HGCcHabkArilJ0seZqrq/1WKcb9dSucHBqt/CW61OUPOLbMv skVQ== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=; b=cyjFUSm4AjJvARNAaRSAdbC38mYJZhJhjeYRRYkvk9M47guJx/CPXDzGGjIMwvKQyl g0VgJZeFCUuubVGRdjMRHVY6RH1hBeffYV5Vlu4EwqnoyeSA2pZRcEHABiI4SenQeWBA ZrQ538kyg3CILSnn0xVjkW8TeC1G2FjIevR4E= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=xjrTs4iSBRjgG1Ez9nuS2pSYpJUTcS5o/rgA1tdfouk=; b=jSGFYXw0q3oz2FbSYHGyOl8KjjduGzjyot2IRDFTjB7rLNa2UdbvhujwufDP3bef9+ CZm+t9g09vG7KAE2AT43xiUv6EZmfs6CJoOVyg777yjEMNlRayG3Ehfp3oZeyshncizc vt88QA9hdnz4XFUF6hC6/MpsWxo2yQgz0QmxjQ7gjWf62Rv9MYVnCASx1OSZNX/7KgW0 JDrOfda/zuSf4AV/l/w+OG+f81K45Ul6DUfVk7PjSwx+2uM8z1FbgfGRpYvClv0S588s Y3e1ssaObWrdrz4DdQM9ojLHfqJ9iRX7dUxxiNnEO50RMXiBFA8UF6eg0Opc3HJy2I1y 87XA== X-Gm-Message-State: AElRT7H/6oU6nLVfbGgZm8q5bKf8Day6oPnpYa2y5kiA/B6Q4f6mqxZ7 nMntnpuKhH4v7ViTwyDez+7WgqUSpMm6vucUAXjZbw== X-Received: by 10.159.38.51 with SMTP id 48mr24702574uag.193.1520620985637; Fri, 09 Mar 2018 10:43:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.31.242.140 with HTTP; Fri, 9 Mar 2018 10:43:04 -0800 (PST) In-Reply-To: <20180309.133509.1275903267249306409.davem@davemloft.net> References: <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> <20180309.133509.1275903267249306409.davem@davemloft.net> From: Kees Cook Date: Fri, 9 Mar 2018 10:43:04 -0800 X-Google-Sender-Auth: a2OfxbmnYYGnj1GF7Z6dblf5GUE Message-ID: Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries To: David Miller Cc: Linus Torvalds , Alexei Starovoitov , Andy Lutomirski , Alexei Starovoitov , Djalal Harouni , Al Viro , Daniel Borkmann , Greg KH , "Luis R. Rodriguez" , Network Development , LKML , kernel-team , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Fri, Mar 9, 2018 at 10:35 AM, David Miller wrote: > From: Linus Torvalds > Date: Fri, 9 Mar 2018 10:17:42 -0800 > >> - use deny_write_access() to make sure that we don't have active >> writers and cannot get them during the execve. > > I agree that this is necessary for image validation purposes. Module loading (via kernel_read_file()) already uses deny_write_access(), and so does do_open_execat(). As long as module loading doesn't call allow_write_access() before the execve() has started in the new implementation, I think we'd be covered here. -Kees -- Kees Cook Pixel Security