Re: [announce] [patch] NX (No eXecute) support for x86, 2.6.7-rc2-bk2

[Andy Lutomirski]

Andy Lutomirski wrote:

> > > I don't like Ingo's fix either, though.  At least it should check 
> > > CAP_PTRACE or some such.  A better fix would be for LSM to pass down 
> > > a flag indicating a change of security context.  I'll throw that in 
> > > to my caps/apply_creds cleanup, in case that ever gets applied.
> >
> >
> >
> > Don't think we should require an LSM module for that. That's far 
> > overkill.
>
>
> I'm not suggesting a new LSM module.  I'm suggesting modifying the 
> existing LSM code to handle this cleanly.  We already have a function 
> (security_bprm_secureexec) that does something like this, and, in fact, 
> it's probably the right thing to test here.

... or not.

secureexec will return true even if you have whatever cap you want the user 
to have for this to work.

What use to you see for having this flag survive setuid?  The only (safe) 
use I can see is for debugging, in which case just copying the binary and 
running it non-setuid should be OK.

In this case, then secureexec is a better test than setuid-ness because of 
LSMs (like SELinux) in which case setuid is not the only way that security 
can be elevated.

--Andy
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/