Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

[PATCH] selinux: add executable stack check

This patch adds an execstack permission check that controls the ability to
make the main process stack executable so that attempts to make the stack
executable can still be prevented even if the process is allowed the
existing execmem permission in order to e.g. perform runtime code
generation. Note that this does not yet address thread stacks. Note also
that unlike the execmem check, the execstack check is only applied on
mprotect calls, not mmap calls, as the current security_file_mmap hook is
not passed the necessary information presently.

The original author of the code that makes the distinction of the stack
region is Ingo Molnar, who wrote it within his patch for
/proc/<pid>/maps markers.
(http://marc.theaimsgroup.com/?l=linux-kernel&m=110719881508591&w=2)

The patches also can be found at:
http://pearls.tuxedo-es.org/patches/selinux/policy-execstack.patch
http://pearls.tuxedo-es.org/patches/selinux/kernel-execstack.patch

policy-execstack.patch is the patch that needs to be applied to the policy in
order to support the execstack permission and exclude it
from general_domain_access within macros/core_macros.te.

kernel-execstack.patch adds such permission to the SELinux code within
the kernel and adds the proper permission check to the selinux_file_mprotect() hook.

Signed-off-by: Lorenzo Hernandez Garcia-Hierro <lorenzo@gnu.org>
Acked-by: James Morris <jmorris@redhat.com>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Cc: Ingo Molnar <mingo@elte.hu>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
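The check described above can be exercised from user space, which is how an administrator would confirm that a policy carrying the new process:execstack permission is actually enforced. The program below is an added example, not part of this kernel commit or of the referenced policy patch: it mirrors the hook's condition (anonymous VMA containing mm->start_stack, PROT_EXEC requested) as a testable predicate, locates the real stack mapping through the "[stack]" marker in /proc/self/maps that the commit message credits to Ingo Molnar, and applies PROT_EXEC to the top page of that mapping. The struct and function names (vma_view, is_execstack_attempt, parse_stack_line, find_stack_vma) are this example's own; treating a nonzero inode as "file-backed" is an approximation of vma->vm_file made for user space.

```c
/* Added example (not kernel code): mirror the selinux_file_mprotect()
 * execstack condition in user space and probe it on the running process.
 * Under an enforcing policy that denies process:execstack the mprotect()
 * call fails with EACCES; elsewhere it succeeds and the page is restored.
 */
#define _GNU_SOURCE
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Minimal user-space stand-in for the VMA fields the hook reads. */
struct vma_view {
    uintptr_t vm_start;   /* inclusive, as in the kernel */
    uintptr_t vm_end;     /* exclusive, as in the kernel */
    bool has_file;        /* stands in for vma->vm_file != NULL */
};

/* Same decision as the hook: anonymous mapping, PROT_EXEC requested, and the
 * mapping contains start_stack. vm_end is exclusive, so strict containment
 * is vm_end > start_stack (the hook's >= would also accept a mapping that
 * ends exactly at start_stack). */
bool is_execstack_attempt(const struct vma_view *vma, uintptr_t start_stack,
                          int prot)
{
    return !vma->has_file && (prot & PROT_EXEC) &&
           vma->vm_start <= start_stack && vma->vm_end > start_stack;
}

/* Parse one /proc/<pid>/maps line; fill *vma and return true only for the
 * "[stack]" marker line. Constructed sample of the expected format:
 *   7ffd1c3e0000-7ffd1c401000 rw-p 00000000 00:00 0   [stack]
 */
bool parse_stack_line(const char *line, struct vma_view *vma)
{
    unsigned long start, end, off, inode;
    char perms[8], dev[16];
    char path[256] = "";

    int n = sscanf(line, "%lx-%lx %7s %lx %15s %lu %255s",
                   &start, &end, perms, &off, dev, &inode, path);
    if (n < 6 || strcmp(path, "[stack]") != 0)
        return false;
    vma->vm_start = start;
    vma->vm_end = end;
    vma->has_file = (inode != 0);   /* anonymous mappings report inode 0 */
    return true;
}

/* Locate the main stack VMA of the calling process via its [stack] marker. */
bool find_stack_vma(struct vma_view *vma)
{
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    bool found = false;

    if (!f)
        return false;
    while (fgets(line, sizeof line, f)) {
        if (parse_stack_line(line, vma)) {
            found = true;
            break;
        }
    }
    fclose(f);
    return found;
}

int main(void)
{
    struct vma_view stack;
    long page = sysconf(_SC_PAGESIZE);

    if (!find_stack_vma(&stack)) {
        fprintf(stderr, "no [stack] marker in /proc/self/maps\n");
        return 1;
    }
    /* Highest page of the stack mapping; the hook sees this VMA because
     * it contains mm->start_stack. */
    void *top = (void *)(stack.vm_end - (uintptr_t)page);
    if (mprotect(top, page, PROT_READ | PROT_WRITE | PROT_EXEC) != 0) {
        printf("mprotect(PROT_EXEC) on stack refused: %s%s\n",
               strerror(errno),
               errno == EACCES ? " (consistent with execstack denial)" : "");
        return 0;
    }
    printf("stack page made executable: no execstack denial in effect\n");
    mprotect(top, page, PROT_READ | PROT_WRITE);   /* restore */
    return 0;
}
```

A refusal with EACCES (and a matching AVC record in the audit log naming the execstack permission) is the expected outcome on a system whose policy withholds process:execstack from the domain; a successful mprotect means the domain is allowed it, or the policy predates the permission.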

Authored by Lorenzo Hernandez García-Hierro and committed by Linus Torvalds
6b992197 2d15cab8

+12
+10
security/selinux/hooks.c
··· 2488 2488 if (rc) 2489 2489 return rc; 2490 2490 } 2491 + if (!vma->vm_file && (prot & PROT_EXEC) && 2492 + vma->vm_start <= vma->vm_mm->start_stack && 2493 + vma->vm_end >= vma->vm_mm->start_stack) { 2494 + /* Attempt to make the process stack executable. 2495 + * This has an additional execstack check. 2496 + */ 2497 + rc = task_has_perm(current, current, PROCESS__EXECSTACK); 2498 + if (rc) 2499 + return rc; 2500 + } 2491 2501 #endif 2492 2502 2493 2503 return file_map_prot_check(vma->vm_file, prot, vma->vm_flags&VM_SHARED);
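Review bot: the containment test `vma->vm_end >= vma->vm_mm->start_stack` applies an inclusive comparison to an exclusive boundary, so a mapping that ends exactly at start_stack would also be classified as the stack; `vma->vm_end > vma->vm_mm->start_stack` is the strict containment check. In practice start_stack lies inside the stack mapping, so this is a precision nit rather than a bypass. A second point on the same condition: it does not consult `vma->vm_flags & VM_EXEC`, so re-applying PROT_EXEC to a stack that is already executable is also subject to the execstack check; the comment should say whether that is intended, since it differs from only gating the transition from non-executable to executable.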
+1
security/selinux/include/av_perm_to_string.h
··· 70 70 S_(SECCLASS_PROCESS, PROCESS__DYNTRANSITION, "dyntransition") 71 71 S_(SECCLASS_PROCESS, PROCESS__SETCURRENT, "setcurrent") 72 72 S_(SECCLASS_PROCESS, PROCESS__EXECMEM, "execmem") 73 + S_(SECCLASS_PROCESS, PROCESS__EXECSTACK, "execstack") 73 74 S_(SECCLASS_MSGQ, MSGQ__ENQUEUE, "enqueue") 74 75 S_(SECCLASS_MSG, MSG__SEND, "send") 75 76 S_(SECCLASS_MSG, MSG__RECEIVE, "receive")
+1
security/selinux/include/av_permissions.h
··· 465 465 #define PROCESS__DYNTRANSITION 0x00800000UL 466 466 #define PROCESS__SETCURRENT 0x01000000UL 467 467 #define PROCESS__EXECMEM 0x02000000UL 468 + #define PROCESS__EXECSTACK 0x04000000UL 468 469 469 470 #define IPC__CREATE 0x00000001UL 470 471 #define IPC__DESTROY 0x00000002UL
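Review bot: `PROCESS__EXECSTACK 0x04000000UL` takes the next free bit after `PROCESS__EXECMEM 0x02000000UL`, and the av_perm_to_string.h entry is inserted at the matching position after "execmem", so the two tables stay aligned. These bit values follow the order in which permissions are declared for class process in the policy's access vectors, so the policy-side change in policy-execstack.patch must declare execstack immediately after execmem; otherwise the kernel's bit and the policy's bit for this permission diverge.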