From: Mickaël Salaün
To: linux-kernel@vger.kernel.org
Cc: Mickaël Salaün, Aleksa Sarai, Alexei Starovoitov, Al Viro, Andy Lutomirski, Christian Heimes, Daniel Borkmann, Deven Bowers, Eric Chiang, Florian Weimer, James Morris, Jan Kara, Jann Horn, Jonathan Corbet, Kees Cook, Lakshmi Ramasubramanian, Matthew Garrett, Matthew Wilcox, Michael Kerrisk, Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Scott Shell, Sean Christopherson, Shuah Khan, Steve Dower, Steve Grubb, Thibaut Sautereau, Vincent Strubel, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: [PATCH v5 2/6] fs: Add a MAY_EXECMOUNT flag to infer the noexec mount property
Date: Tue, 5 May 2020 17:31:52 +0200
Message-Id: <20200505153156.925111-3-mic@digikod.net>
In-Reply-To: <20200505153156.925111-1-mic@digikod.net>
References: <20200505153156.925111-1-mic@digikod.net>

This new MAY_EXECMOUNT flag makes it possible to check whether the underlying mount point of an inode is marked as executable. This is useful to implement a security policy taking advantage of the noexec mount option.

This flag is set according to path_noexec(), which checks if a mount point is mounted with MNT_NOEXEC or if the underlying superblock is SB_I_NOEXEC.

Signed-off-by: Mickaël Salaün
Reviewed-by: Philippe Trébuchet
Reviewed-by: Thibaut Sautereau
Cc: Aleksa Sarai
Cc: Al Viro
Cc: Kees Cook
---
 fs/namei.c         | 2 ++
 include/linux/fs.h | 2 ++
 2 files changed, 4 insertions(+)
diff --git a/fs/namei.c b/fs/namei.c index a320371899cf..33b6d372e74a 100644 --- a/fs/namei.c +++ b/fs/namei.c @@ -2849,6 +2849,8 @@ static int may_open(const struct path *path, int acc_mode, int flag) break; } + /* Pass the mount point executability. */ + acc_mode |= path_noexec(path) ? 0 : MAY_EXECMOUNT; error = inode_permission(inode, MAY_OPEN | acc_mode); if (error) return error; diff --git a/include/linux/fs.h b/include/linux/fs.h index 313c934de9ee..79435fca6c3e 100644 --- a/include/linux/fs.h +++ b/include/linux/fs.h @@ -103,6 +103,8 @@ typedef int (dio_iodone_t)(struct kiocb *iocb, loff_t offset, #define MAY_NOT_BLOCK 0x00000080 /* the inode is opened with O_MAYEXEC */ #define MAY_OPENEXEC 0x00000100 +/* the mount point is marked as executable */ +#define MAY_EXECMOUNT 0x00000200 /* * flags in file.f_mode. Note that FMODE_READ and FMODE_WRITE must correspond -- 2.26.2
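Review bot: the comment `/* Pass the mount point executability. */` above `acc_mode |= path_noexec(path) ? 0 : MAY_EXECMOUNT;` in the fs/namei.c hunk hides the inverted polarity of the ternary; every other MAY_* bit names something that is present, so spell out that MAY_EXECMOUNT is set when the mount is *not* noexec, otherwise a reader skimming may_open() can take it for a noexec indicator. The bit is also only populated at this one site, so any other inode_permission() caller will present it as clear to i_op->permission and LSM hooks; a one-line comment that the flag is meaningful only together with MAY_OPEN would save the next reader a grep.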
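Review bot: the new comment `/* the mount point is marked as executable */` on `#define MAY_EXECMOUNT 0x00000200` in the include/linux/fs.h hunk should say how the bit is derived (set when path_noexec() is false, i.e. neither MNT_NOEXEC on the mount nor SB_I_NOEXEC on the superblock) and that it is only set from may_open(); the neighbouring MAY_OPENEXEC comment names its source (O_MAYEXEC), and this one should do the same so the two exec-related bits can be told apart at the definition. The value 0x200 is the next free bit after MAY_OPENEXEC 0x100 in the visible context, so no collision there.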
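As an added example, not part of the patch or the kernel tree: a policy built on MAY_EXECMOUNT only gains anything where noexec is actually set, so a defender auditing a host wants the userspace view of the same property. The function below parses /proc/self/mountinfo lines and reports mounts that are not noexec; it covers only the MNT_NOEXEC half of path_noexec(), because the kernel-internal SB_I_NOEXEC superblock flag is not exposed in mountinfo. The function name and sample lines are constructed for this example.

```c
/* Added example, not part of the patch: report the per-mount noexec property
 * from /proc/self/mountinfo lines. This mirrors the MNT_NOEXEC half of the
 * kernel's path_noexec(); the SB_I_NOEXEC superblock flag is kernel-internal
 * and not exposed in mountinfo, so it cannot be audited from here. */
#include <stdio.h>
#include <string.h>

/* 1 if the mount's per-mount options contain "noexec", 0 if not, -1 if the
 * line is malformed. Field 6 carries the per-mount (MNT_*) options; earlier
 * fields never contain a raw space because mountinfo escapes them as \040. */
int mount_is_noexec(const char *line)
{
    const char *p = line, *end, *comma;
    size_t len, tok;
    for (int field = 0; field < 5; field++) {   /* id parent maj:min root mnt */
        p = strchr(p, ' ');
        if (!p)
            return -1;
        p++;
    }
    end = strchr(p, ' ');
    len = end ? (size_t)(end - p) : strlen(p);
    if (len == 0)
        return -1;
    while (len > 0) {                            /* comma-separated tokens */
        comma = memchr(p, ',', len);
        tok = comma ? (size_t)(comma - p) : len;
        if (tok == 6 && memcmp(p, "noexec", 6) == 0)
            return 1;
        if (!comma)
            break;
        len -= tok + 1;
        p = comma + 1;
    }
    return 0;
}

/* Constructed sample lines in mountinfo format (not captured from a host). */
static const char *sample_mountinfo[] = {
    "22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw",
    "27 22 0:23 / /tmp rw,nosuid,nodev,noexec,relatime - tmpfs tmpfs rw",
    "29 22 0:5 / /dev rw,nosuid,relatime - devtmpfs udev rw,size=1M",
};

int main(void)
{
    for (size_t i = 0; i < sizeof sample_mountinfo / sizeof *sample_mountinfo; i++)
        if (mount_is_noexec(sample_mountinfo[i]) == 0)
            printf("exec allowed from: %s\n", sample_mountinfo[i]);
    return 0;
}
```

On a real host, feed it the lines of /proc/self/mountinfo; mounts it reports are the ones where a MAY_EXECMOUNT-based policy would see the flag set.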