Message-ID: <5eb30083-1d8f-02cf-c4bf-2560ad46243d@astralinux.ru>
Date: Tue, 16 Jan 2024 15:37:45 +0300
To: linux-kernel@vger.kernel.org, linux-security-module@vger.kernel.org, linux-mm@kvack.org
Cc: stephen.smalley.work@gmail.com, aaw@google.com
From: Dmitry Mastykin
Subject: preventing executable stack with file_mprotect hook

Hello all,

I use the file_mprotect hook to prevent an executable stack. It's called
from the mprotect syscall and prevents linkage with execstack-flagged
libraries. But I don't see it called when I execute a simple
execstack-flagged binary:

int main() {
        char shell[100] = "\xb0\x01" // mov al, 1
                          "\x31\xdb" // xor ebx, ebx
                          "\xcd\x80" ; // int 0x80
        ((void(*)())shell)();
        return 0;
}

I'm thinking about a patch like the one at the end of this message. I would
be glad to have feedback, if someone finds this reasonable.

Thank you!
Kind regards
Dmitry Mastykin

diff --git a/fs/exec.c b/fs/exec.c index cebfe15bbad8..0288f14f11b2 100644 --- a/fs/exec.c +++ b/fs/exec.c @@ -50,6 +50,7 @@ #include #include #include +#include #include #include #include @@ -759,6 +760,7 @@ int setup_arg_pages(struct linux_binprm *bprm, struct vm_area_struct *vma =3D bprm->vma; struct vm_area_struct *prev =3D NULL; unsigned long vm_flags; + unsigned long prot =3D 0; unsigned long stack_base; unsigned long stack_size; unsigned long stack_expand; 
@@ -811,16 +813,19 @@ int setup_arg_pages(struct linux_binprm *bprm, * EXSTACK_ENABLE_X, disable for EXSTACK_DISABLE_X and leave alone * (arch default) otherwise. */ - if (unlikely(executable_stack =3D=3D EXSTACK_ENABLE_X)) + if (unlikely(executable_stack =3D=3D EXSTACK_ENABLE_X)) { + prot |=3D PROT_EXEC; vm_flags |=3D VM_EXEC; - else if (executable_stack =3D=3D EXSTACK_DISABLE_X) + } else if (executable_stack =3D=3D EXSTACK_DISABLE_X) vm_flags &=3D ~VM_EXEC; vm_flags |=3D mm->def_flags; vm_flags |=3D VM_STACK_INCOMPLETE_SETUP; =20 tlb_gather_mmu(&tlb, mm); - ret =3D mprotect_fixup(&tlb, vma, &prev, vma->vm_start, vma->vm_end, - vm_flags); + ret =3D security_file_mprotect(vma, prot, prot); + if (!ret) + ret =3D mprotect_fixup(&tlb, vma, &prev, + vma->vm_start, vma->vm_end, vm_flags); tlb_finish_mmu(&tlb); =20 if (ret)
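
Review bot: in the last hunk, security_file_mprotect(vma, prot, prot) is handed a prot that is only ever 0 or PROT_EXEC, so the hook is never told about the read/write protection the stack really has, and in the "leave alone (arch default)" case it is called with 0 even when the arch-default vm_flags already carry VM_EXEC. Consider deriving prot from the final vm_flags, after "vm_flags |= mm->def_flags", so the hook is asked about the protection that mprotect_fixup() is about to apply. The call could also move above tlb_gather_mmu(), so that a denial returns without starting and finishing a TLB gather. Since file_mprotect was so far described as reached from the mprotect syscall, a short comment above the new call explaining why exec-time stack setup now consults it would help LSM maintainers.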