Subject: Re: [PATCH] Check files' signatures before doing suid/sgid [2/4]
From: Arjan van de Ven
To: Alexander Wuerstlein
Cc: linux-kernel@vger.kernel.org, arw@arw.name
Organization: Intel International BV
Date: Thu, 21 Jun 2007 11:49:48 -0700
Message-Id: <1182451789.2704.9.camel@laptopd505.fenrus.org>
In-Reply-To: <20070621174612.GG9741@cip.informatik.uni-erlangen.de>

On Thu, 2007-06-21 at 19:46 +0200, Alexander Wuerstlein wrote:
> On 070621 19:33, Arjan van de Ven wrote:
> > On Thu, 2007-06-21 at 19:25 +0200, Alexander Wuerstlein wrote:
> > > On 070621 19:21, Arjan van de Ven wrote:
> > > > On Thu, 2007-06-21 at 18:02 +0200, Alexander Wuerstlein wrote:
> > > > > Modified task_struct to hold a 'signed flag' which is set on exec(), inherited
> > > > > on fork() and checked during exec before giving the new process suid/sgid
> > > > > privileges.
> > > > >
> > > >
> > > > do you also check the signature of glibc and every other shared library
> > > > that the app uses (or dlopens)? if not.. the entire exercise is rather
> > > > pointless...
> > >
> > > We do check that, that is patch [3/4].
> > >
> > > Of course we can only check mmap-ed files, if there is no file like with JIT
> > > compilers we are out of luck.
> >
> > or if the process uses read() not mmap().
>
> If a process uses read() it needs some executable and writable memory. We do
> check for this in mprotect(). There is a problem with the i386-architecture,
> because it allows execution of any readable page (except with newer
> processors). But beyond that ugliness of i386, it should not be possible to
> execute anything without us noticing it (hopefully).

welcome to mprotect() where the app can just change the permissions

--
if you want to mail me at work (you don't), use arjan (at) linux.intel.com
Test the interaction between Linux and your BIOS via http://www.linuxfirmwarekit.org
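
The gap discussed in this thread is that a signature check on mmap-ed files says nothing about executable memory that has no file behind it (JIT output, data brought in with read()) or that mprotect() has made writable and executable at once. As an added example, not part of the original message or the patch set, the C code below classifies /proc/<pid>/maps lines and flags exactly those regions; the function name, flag names and any sample lines used with it are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Result bits for one /proc/<pid>/maps line (names are illustrative). */
#define MAP_X_UNBACKED 1 /* executable, but no file a signature could cover */
#define MAP_X_WRITABLE 2 /* writable and executable at the same time */

/* Classify one maps line: "start-end perms offset dev inode  [path]".
 * Returns 0 for non-executable or malformed lines. */
int classify_map_line(const char *line)
{
    char perms[5] = "", path[256] = "";
    unsigned long inode = 0;
    int flags = 0;
    /* Only perms, inode and the optional path are stored. */
    int n = sscanf(line, "%*lx-%*lx %4s %*lx %*x:%*x %lu %255[^\n]",
                   perms, &inode, path);

    if (n < 2 || strlen(perms) != 4 || perms[2] != 'x')
        return 0;
    if (perms[1] == 'w')
        flags |= MAP_X_WRITABLE;
    /* [vdso] and [vsyscall] are code pages supplied by the kernel. */
    if (!strcmp(path, "[vdso]") || !strcmp(path, "[vsyscall]"))
        return flags;
    /* Anonymous memory, [heap] and [stack] have inode 0 and no real path. */
    if (inode == 0 || path[0] != '/')
        flags |= MAP_X_UNBACKED;
    return flags;
}

/* Stand-alone use: report flagged regions of the current process. */
int main(void)
{
    char line[512];
    FILE *f = fopen("/proc/self/maps", "r");

    if (!f) {
        perror("/proc/self/maps");
        return 1;
    }
    while (fgets(line, sizeof line, f)) {
        int fl = classify_map_line(line);
        if (fl)
            printf("%s%s %s", (fl & MAP_X_UNBACKED) ? "[unbacked]" : "",
                   (fl & MAP_X_WRITABLE) ? "[w+x]" : "", line);
    }
    fclose(f);
    return 0;
}
```

A region flagged as unbacked is one that a per-file signature check never saw, regardless of how its contents got there.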