On Fri, Nov 16, 2012 at 4:39 PM, Kay Sievers <k...@vrfy.org> wrote: > On Sat, Nov 17, 2012 at 1:27 AM, Greg Kroah-Hartman > <gre...@linuxfoundation.org> wrote: >> On Fri, Nov 16, 2012 at 04:20:16PM -0800, Kees Cook wrote: >>> Since devtmpfs is writable, make the default noexec nosuid as well. This >>> protects from the case of a privileged process having an arbitrary file >>> write flaw and an argumentless arbitrary execution (i.e. it would lack >>> the ability to run "mount -o remount,exec,suid /dev"), with a system >>> that already has nosuid,noexec on all other writable mounts. >>> >>> Cc: ellyjo...@chromium.org >>> Signed-off-by: Kees Cook <keesc...@chromium.org> >>> --- >>> drivers/base/devtmpfs.c | 6 ++++-- >>> 1 file changed, 4 insertions(+), 2 deletions(-) >> >> Have you tested this to verify that it doesn't break anything? >> >> Kay, could this cause any problems that you could think of? > > It breaks all sorts of old, possibly outdated, stuff, that does things > like mapping /dev/mem executable. It for sure used to break X drivers, > that fiddle with the BIOS of cards.
Ah, yeah, you're totally right. Attempting an mmap with PROT_EXEC on /dev/mem would be denied. Is this something we could put behind a CONFIG? -Kees -- Kees Cook Chrome OS Security -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
