Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs

From: Tetsuo Handa
Date: Thu Jan 25 2024 - 09:35:56 EST

Next message: Frederic Weisbecker: "Re: [PATCH 01/15] tick/nohz: Remove duplicate between tick_nohz_switch_to_nohz() and tick_setup_sched_timer()"
Previous message: Ricardo Neri: "Re: [PATCH v4 1/4] cacheinfo: Check for null last-level cache info"
In reply to: Kees Cook: "Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs"
Next in thread: Jann Horn: "Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On 2024/01/25 6:50, Kees Cook wrote:
> Yeah, I was just noticing this. I was over thinking. :) It does look
> like all that is needed is to remove __FMODE_EXEC.

I worry that some out-of-tree kernel code continues using __FMODE_EXEC for
opening for non-execve() purpose. If that happened, TOMOYO will be fooled...
Can't we remove __FMODE_EXEC and FMODE_EXEC flag from f_flags instead of
replacing current->in_execve with file->f_flags & __FMODE_EXEC ?

Next message: Frederic Weisbecker: "Re: [PATCH 01/15] tick/nohz: Remove duplicate between tick_nohz_switch_to_nohz() and tick_setup_sched_timer()"
Previous message: Ricardo Neri: "Re: [PATCH v4 1/4] cacheinfo: Check for null last-level cache info"
In reply to: Kees Cook: "Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs"
Next in thread: Jann Horn: "Re: [PATCH] exec: Check __FMODE_EXEC instead of in_execve for LSMs"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]