Received: by 10.223.185.111 with SMTP id b44csp645447wrg;
        Fri, 9 Mar 2018 10:56:08 -0800 (PST)
X-Google-Smtp-Source: AG47ELt7rPbZb892ZTXdRxRXkgqbdL76ljRRH/GjY2XTFMUV3W+LS8RaE14cpZoO4rzUi7X4naVB
X-Received: by 10.98.171.24 with SMTP id p24mr31092746pff.71.1520621768636;
        Fri, 09 Mar 2018 10:56:08 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1520621768; cv=none;
        d=google.com; s=arc-20160816;
        b=pIlfUhOJ9zqH1inoHd76tdEqhZAlPNFTvs6Ky6+OnoxNXln7Kx2r7fcdlGnQ2q9Fh1
         EhcgCUGrt2xrheOpzJnc419063xWMU6FlxTojm/cffjyv5+XlfKdkdyHviQmS9hjvmCQ
         q8MTmBwa8VbkcR6xKZ3VZEPF+PjxeAtHlTm7jEftH0TsqPq98SdEGwa7M6WlutzExFw4
         7N3S94PSyP+vtc/IgPwVlEVsFvdMmNBjU1YtzOJbUlWIFIxJxAUWGoA+DVKrc/tvREmj
         JNjrYHFb33GWPJ/f+ntxjQi18qOZrVa6X89gCfgrUmZgIeaFXz/EsnxvoIicXL1BwXKH
         rUVA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:cc:to:subject:message-id:date:from
         :references:in-reply-to:mime-version:dkim-signature:dkim-signature
         :arc-authentication-results;
        bh=WjreCNu+lZ9yc8NH/eKsheeUYpYrp1GxCinwGaSfF0I=;
        b=fIE4fGMayccdREafxNabZ2kOtpdN0wQkIUW1LXq1Cu9kz5Z9iWh8UM1BSCucugEcM2
         hIt42uuP4UcaiEgnD8vNdYeQ8TX8Zui+aiQT/P7e776wHEZO4dNkkf2UUdL/9ESfZCzP
         7okIxxijkEolY454TwkqGVxIQMbHlSMB9cnEfe6YnJ/a7gtpaZFgz3eUWQLPTctYxoYn
         puYHsGfccJy9K7oLL7H9O+iSCe4uqiSn3H9QF8uVS9HKETqZD2/7F5GwDJhnh200V9Ws
         Ws28fqcebIrqYoNAmCX+D8K+D4Ws9cNGbqHDKvriqJZU9tUf0GKMq0ls4jt7Wdpd0Ays
         13QQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=n+u5rPtq;
       dkim=fail header.i=@chromium.org header.s=google header.b=E9AAlLL6;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id 1-v6si1303682plx.24.2018.03.09.10.55.54;
        Fri, 09 Mar 2018 10:56:08 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=fail header.i=@google.com header.s=20161025 header.b=n+u5rPtq;
       dkim=fail header.i=@chromium.org header.s=google header.b=E9AAlLL6;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=chromium.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932581AbeCISyW (ORCPT <rfc822;kernelgary@gmail.com> + 99 others);
        Fri, 9 Mar 2018 13:54:22 -0500
Received: from mail-ua0-f196.google.com ([209.85.217.196]:42152 "EHLO
        mail-ua0-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S932551AbeCISyM (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Fri, 9 Mar 2018 13:54:12 -0500
Received: by mail-ua0-f196.google.com with SMTP id b23so2906000uak.9
        for <linux-kernel@vger.kernel.org>; Fri, 09 Mar 2018 10:54:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=google.com; s=20161025;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=WjreCNu+lZ9yc8NH/eKsheeUYpYrp1GxCinwGaSfF0I=;
        b=n+u5rPtq5Rybi7hldQ5Kk+Nhb+6wN21AF0WbQRyqEkJm0/PNLAPG6ziqq0lx0OJVYB
         eayXKEifK7W5haCJSLuCmR+eQMq/gBPXp+JGQX0nBLBZYp6W0V0QgkLiYasrgSzYX84g
         /tcLbd9/f7NcfLxyglMIrAe1hpsl4RTeUH//OpDr8kH6/5oVLoOO/sgR+MkxtbYLonmt
         Wi1sNfJOHP232Sos3ZQc1v6fAm1/s6T2y464AwjFA2u3jqM7SsrgfqpWYonlvMwBFTMG
         6ptn2rYTg7pEIP80bYoLQl21EfiMem85x+fqeMPm5YRPM7uAOb2aF+pK8D7N2cZihcK2
         gzCQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=chromium.org; s=google;
        h=mime-version:sender:in-reply-to:references:from:date:message-id
         :subject:to:cc;
        bh=WjreCNu+lZ9yc8NH/eKsheeUYpYrp1GxCinwGaSfF0I=;
        b=E9AAlLL6B2WaJT32WcM63grzrsnFa2YOJ7MW6AV6Oe8VKeIL2L1oeIozDDOgJLYQYe
         RF7vg3br1w5vQdn611d3MaQic8Hc2eznzF+F3rIZhbYrgWezhrDUfQUSS+neJVyG2NLq
         QCQT7kkvIGcGS7vXvm/2KF3hQBc2+zdk2TkUc=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20161025;
        h=x-gm-message-state:mime-version:sender:in-reply-to:references:from
         :date:message-id:subject:to:cc;
        bh=WjreCNu+lZ9yc8NH/eKsheeUYpYrp1GxCinwGaSfF0I=;
        b=R/aA09EBaujeWcQe5MsLmmI5hDwEKnfxqK+ohdBpvYMl+Trh14ddbAKbKrOJhXbvt/
         Yxwv426Caypn611WoZ1Zyq62GiSDhnxVJyfN7eHCRbi7+ypvKYnvQ4Pmx6prN7b/uos/
         HUrK8IbRJE7kN7SSutYxXHl6MHmID/C1FSQTUxSF6/IF6AbvkHruRfy9OCrkdTG1ZW5e
         Xq7ofItjPU6l0FkCzoGT4JcHmqqAriB+baoQhiNdTl+PLedQSN4Ht0Y9qHw1e8gFU00S
         3PJ6AgdgcT2UYPNLe6pqKphR4LVEskIbvGrvKklh8VNFEBaBjViKZTPjsJHCM+ZtoqqO
         CG6Q==
X-Gm-Message-State: APf1xPBWc8xWpvFnZxoIzsIa1m2q9JaUTxKdPvfYAlNUMKmUUIkP9Cyb
        dR2CLCE5BkWaKPfwoOnJ+lo3yUQwJ/gIrBygddopLw==
X-Received: by 10.176.74.90 with SMTP id r26mr23139036uae.164.1520621651180;
 Fri, 09 Mar 2018 10:54:11 -0800 (PST)
MIME-Version: 1.0
Received: by 10.31.242.140 with HTTP; Fri, 9 Mar 2018 10:54:10 -0800 (PST)
In-Reply-To: <CA+55aFzJEkUGfRkKqc8twaDSdSH_r_OWnFm-e4uNQf4SrJy7-A@mail.gmail.com>
References: <C94A45E9-54A0-446D-86D6-82D06E2A35CD@amacapital.net>
 <87478c51-59a7-f6ac-1fb2-f3ca2dcf658b@fb.com> <CA+55aFwfcXzD+pzjN=vTcvscpK97pSztUZ2JK7pABs+rMtM7BQ@mail.gmail.com>
 <20180309.133509.1275903267249306409.davem@davemloft.net> <CAGXu5jJcuSojm_KN5+JQ3fV6J09V6dmNB6haqu11xkXTq=nxog@mail.gmail.com>
 <CA+55aFzJEkUGfRkKqc8twaDSdSH_r_OWnFm-e4uNQf4SrJy7-A@mail.gmail.com>
From:   Kees Cook <keescook@chromium.org>
Date:   Fri, 9 Mar 2018 10:54:10 -0800
X-Google-Sender-Auth: 2v0TFcJuFVGk-vCxVyRqJPr07_k
Message-ID: <CAGXu5j+-M1zWUrA8uX1=f46t2RAym6N-T_Sf8T0P1wFCMhNCAQ@mail.gmail.com>
Subject: Re: [PATCH net-next] modules: allow modprobe load regular elf binaries
To:     Linus Torvalds <torvalds@linux-foundation.org>
Cc:     David Miller <davem@davemloft.net>,
        Alexei Starovoitov <ast@fb.com>,
        Andy Lutomirski <luto@amacapital.net>,
        Alexei Starovoitov <ast@kernel.org>,
        Djalal Harouni <tixxdz@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Daniel Borkmann <daniel@iogearbox.net>,
        Greg KH <gregkh@linuxfoundation.org>,
        "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Network Development <netdev@vger.kernel.org>,
        LKML <linux-kernel@vger.kernel.org>,
        kernel-team <kernel-team@fb.com>,
        Linux API <linux-api@vger.kernel.org>
Content-Type: text/plain; charset="UTF-8"
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Fri, Mar 9, 2018 at 10:50 AM, Linus Torvalds
<torvalds@linux-foundation.org> wrote:
> On Fri, Mar 9, 2018 at 10:43 AM, Kees Cook <keescook@chromium.org> wrote:
>>
>> Module loading (via kernel_read_file()) already uses
>> deny_write_access(), and so does do_open_execat(). As long as module
>> loading doesn't call allow_write_access() before the execve() has
>> started in the new implementation, I think we'd be covered here.
>
> No. kernel_read_file() only does it *during* the read.

Ah, true. And looking at this again, shouldn't deny_write_access()
happen _before_ the LSM check in kernel_read_file()? That looks like a
problem...

-Kees

-- 
Kees Cook
Pixel Security