[REVIEW][PATCH 1/2] vfs: Commit to never having exectuables on proc and sysfs.

Richard Weinberger richard at nod.at
Fri Jul 10 18:24:41 UTC 2015


Am 10.07.2015 um 18:17 schrieb Eric W. Biederman:
> 
> Today proc and sysfs do not contain any executable files.  Several
> applications today mount proc or sysfs without noexec and nosuid and
> then depend on there being no exectuables files on proc or sysfs.
> Having any executable files show on proc or sysfs would cause
> a user space visible regression, and most likely security problems.
> 
> Therefore commit to never allowing executables on proc and sysfs by
> adding a new flag to mark them as filesystems without executables and
> enforce that flag.
> 
> Test the flag where MNT_NOEXEC is tested today, so that the only user
> visible effect will be that exectuables will be treated as if the
> execute bit is cleared.
> 
> The filesystems proc and sysfs do not currently incoporate any
> executable files so this does not result in any user visible effects.
> 
> This makes it unnecessary to vet changes to proc and sysfs tightly for
> adding exectuable files or changes to chattr that would modify
> existing files, as no matter what the individual file say they will
> not be treated as exectuable files by the vfs.
> 
> Not having to vet changes to closely is important as without this we
> are only one proc_create call (or another goof up in the
> implementation of notify_change) from having problematic executables
> on proc.  Those mistakes are all too easy to make and would create
> a situation where there are security issues or the assumptions of
> some program having to be broken (and cause userspace regressions).

Would it make sense to add SB_I_NOEXEC to more pseudo filesystems?
Say pstore or devpts?

Thanks,
//richard


More information about the Containers mailing list