Linux kernel stable tree (mirror) https://git.radix-linux.su/kernel/linux.git/atom?h=v6.19.11 2024-12-19T01:00:29+00:00 2024-12-19T01:00:29+00:00 Mickaël Salaün mic@digikod.net 2024-12-12T17:42:22+00:00 urn:sha1:2a69962be4a7e97ab347e05826480a3352c6fbc8 Add a very simple script interpreter called "inc" that can evaluate two different commands (one per line): - "?" to initialize a counter from user's input; - "+" to increment the counter (which is set to 0 by default). It is enlighten to only interpret executable files according to AT_EXECVE_CHECK and the related securebits: # Executing a script with RESTRICT_FILE is only allowed if the script # is executable: ./set-exec -f -- ./inc script-exec.inc # Allowed ./set-exec -f -- ./inc script-noexec.inc # Denied # Executing stdin with DENY_INTERACTIVE is only allowed if stdin is an # executable regular file: ./set-exec -i -- ./inc -i < script-exec.inc # Allowed ./set-exec -i -- ./inc -i < script-noexec.inc # Denied # However, a pipe is not executable and it is then denied: cat script-noexec.inc | ./set-exec -i -- ./inc -i # Denied # Executing raw data (e.g. command argument) with DENY_INTERACTIVE is # always denied. ./set-exec -i -- ./inc -c "+" # Denied ./inc -c "$(<script-ask.inc)" # Allowed # To directly execute a script, we can update $PATH (used by `env`): PATH="${PATH}:." ./script-exec.inc # To execute several commands passed as argument: Add a complete test suite to check the script interpreter against all possible execution cases: make TARGETS=exec kselftest-install ./tools/testing/selftests/kselftest_install/run_kselftest.sh Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Paul Moore <paul@paul-moore.com> Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20241212174223.389435-8-mic@digikod.net Signed-off-by: Kees Cook <kees@kernel.org> 2024-12-19T01:00:29+00:00 Mickaël Salaün mic@digikod.net 2024-12-12T17:42:18+00:00 urn:sha1:b083cc815376a8ccfba6535b4d59a396b77601d4 Test that checks performed by execveat(..., AT_EXECVE_CHECK) are consistent with noexec mount points and file execute permissions. Test that SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE are inherited by child processes and that they can be pinned with the appropriate SECBIT_EXEC_RESTRICT_FILE_LOCKED and SECBIT_EXEC_DENY_INTERACTIVE_LOCKED bits. Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Christian Brauner <brauner@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Paul Moore <paul@paul-moore.com> Cc: Serge Hallyn <serge@hallyn.com> Signed-off-by: Mickaël Salaün <mic@digikod.net> Link: https://lore.kernel.org/r/20241212174223.389435-4-mic@digikod.net Signed-off-by: Kees Cook <kees@kernel.org> 2024-09-30T17:42:19+00:00 Javier Carrasco javier.carrasco.cruz@gmail.com 2024-09-25T21:55:15+00:00 urn:sha1:45a8897db67d43aad3a17a792fe06a6306f483d6 The name of the "load_address" objects has been modified, but the corresponding entry in the gitignore file must be updated. Update the load_address entry in the gitignore file to account for the new names, adding an exception to keep on tracking load_address.c. Signed-off-by: Javier Carrasco <javier.carrasco.cruz@gmail.com> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2022-03-03T22:17:04+00:00 Muhammad Usama Anjum usama.anjum@collabora.com 2022-03-02T18:01:19+00:00 urn:sha1:c7b9c68fc01b468983c8f4745f400fa74c831005 Add generated files non-regular and null-argv to .gitignore file. Signed-off-by: Muhammad Usama Anjum <usama.anjum@collabora.com> Reviewed-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2020-10-16T18:11:21+00:00 Chris Kennelly ckennelly@google.com 2020-10-16T03:12:36+00:00 urn:sha1:206e22f01941b19f9466f48b53cc0d19de493e7a This produces a PIE binary with a variety of p_align requirements, suitable for verifying that the load address meets that alignment requirement. Signed-off-by: Chris Kennelly <ckennelly@google.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Shuah Khan <shuah@kernel.org> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: David Rientjes <rientjes@google.com> Cc: Fangrui Song <maskray@google.com> Cc: Hugh Dickens <hughd@google.com> Cc: Ian Rogers <irogers@google.com> Cc: "Kirill A. Shutemov" <kirill.shutemov@linux.intel.com> Cc: Mike Kravetz <mike.kravetz@oracle.com> Cc: Nick Desaulniers <ndesaulniers@google.com> Cc: Sandeep Patil <sspatil@google.com> Cc: Song Liu <songliubraving@fb.com> Cc: Suren Baghdasaryan <surenb@google.com> Link: https://lkml.kernel.org/r/20200820170541.1132271-3-ckennelly@google.com Link: https://lkml.kernel.org/r/20200821233848.3904680-3-ckennelly@google.com Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2020-08-15T02:56:56+00:00 Kees Cook keescook@chromium.org 2020-08-15T00:30:17+00:00 urn:sha1:0f71241a8e32baf9ac290cf915bc9b3ff265f7d3 Make sure execve() returns the expected errno values for non-regular files. Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Cc: Marc Zyngier <maz@kernel.org> Link: http://lkml.kernel.org/r/20200813231723.2725102-3-keescook@chromium.org Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2020-05-22T15:29:00+00:00 Kees Cook keescook@chromium.org 2020-05-18T04:47:43+00:00 urn:sha1:61016db15b8e20f371352db6a75b044ec3183fe7 Add a named pipe as an exec target to make sure that non-regular files are rejected by execve() with EACCES. This can help verify commit 73601ea5b7b1 ("fs/open.c: allow opening only regular files during execve()"). Signed-off-by: Kees Cook <keescook@chromium.org> Signed-off-by: Shuah Khan <skhan@linuxfoundation.org> 2020-03-25T10:50:48+00:00 Masahiro Yamada masahiroy@kernel.org 2020-03-03T13:35:59+00:00 urn:sha1:d198b34f3855eee2571dda03eea75a09c7c31480 Add SPDX License Identifier to all .gitignore files. Signed-off-by: Masahiro Yamada <masahiroy@kernel.org> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-05-15T02:52:50+00:00 Alexey Dobriyan adobriyan@gmail.com 2019-05-14T22:44:43+00:00 urn:sha1:4e7301e6df9595e34e52acc18b943d00c4865e3d Test that trivially recursing script onto itself doesn't work. Note: this is different test from ELOOP tests in execveat.c Those test that execveat(2) doesn't follow symlinks when told to do so. Link: http://lkml.kernel.org/r/20190423192720.GA21433@avx2 Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Shuah Khan <shuah@kernel.org> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> 2014-12-13T20:42:51+00:00 David Drysdale drysdale@google.com 2014-12-13T00:57:36+00:00 urn:sha1:c9b26b81af9c3296685b5dbcbcd415400ab400dc Signed-off-by: David Drysdale <drysdale@google.com> Cc: Meredydd Luff <meredydd@senatehouse.org> Cc: Shuah Khan <shuah.kh@samsung.com> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Andy Lutomirski <luto@amacapital.net> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: Thomas Gleixner <tglx@linutronix.de> Cc: Ingo Molnar <mingo@redhat.com> Cc: "H. Peter Anvin" <hpa@zytor.com> Cc: Kees Cook <keescook@chromium.org> Cc: Arnd Bergmann <arnd@arndb.de> Cc: Rich Felker <dalias@aerifal.cx> Cc: Christoph Hellwig <hch@infradead.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>