linux/security/tomoyo
Kees Cook 4759ff71f2 exec: Check __FMODE_EXEC instead of in_execve for LSMs
After commit 978ffcbf00 ("execve: open the executable file before
doing anything else"), current->in_execve was no longer in sync with the
open(). This broke AppArmor and TOMOYO which depend on this flag to
distinguish "open" operations from being "exec" operations.

Instead of moving around in_execve, switch to using __FMODE_EXEC, which
is where the "is this an exec?" intent is stored. Note that TOMOYO still
uses in_execve around cred handling.

Reported-by: Kevin Locke <kevin@kevinlocke.name>
Closes: https://lore.kernel.org/all/ZbE4qn9_h14OqADK@kevinlocke.name
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: 978ffcbf00 ("execve: open the executable file before doing anything else")
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc:  <linux-fsdevel@vger.kernel.org>
Cc:  <linux-mm@kvack.org>
Cc:  <apparmor@lists.ubuntu.com>
Cc:  <linux-security-module@vger.kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-01-24 11:38:58 -08:00
..
policy tomoyo: Do not generate empty policy files 2015-04-07 21:27:45 +02:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
audit.c tomoyo: replace tomoyo_round2() with kmalloc_size_roundup() 2023-03-01 23:46:12 +09:00
common.c tomoyo: add format attributes to functions 2023-07-23 21:25:28 +09:00
common.h tomoyo: remove unused function declaration 2023-08-13 22:07:15 +09:00
condition.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
domain.c tomoyo: refactor deprecated strncpy 2023-08-05 19:55:10 +09:00
environ.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
file.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
gc.c tomoyo: Fix typo in comments. 2020-12-06 13:44:57 +09:00
group.c tomoyo: Suppress RCU warning at list_for_each_entry_rcu(). 2019-12-16 23:02:27 +09:00
Kconfig tomoyo: Update website link 2023-01-13 23:11:38 +09:00
load_policy.c TOMOYO: fix __setup handlers return values 2022-02-24 07:45:07 +09:00
Makefile tomoyo: Omit use of bin2c 2023-01-09 21:46:50 +09:00
memory.c tomoyo: Fix null pointer check 2020-11-27 19:36:11 +09:00
mount.c tomoyo: Coding style fix. 2019-01-24 14:50:27 -08:00
network.c tomoyo: don't special case PF_IO_WORKER for PF_KTHREAD 2021-03-28 13:11:29 +09:00
realpath.c tomoyo: struct path it might get from LSM callers won't have NULL dentry or mnt 2022-08-21 11:50:42 -04:00
securityfs_if.c tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
tomoyo.c exec: Check __FMODE_EXEC instead of in_execve for LSMs 2024-01-24 11:38:58 -08:00
util.c tomoyo: use hwight16() in tomoyo_domain_quota_is_ok() 2021-12-15 20:13:55 +09:00