linux/security/apparmor
Kees Cook 4759ff71f2 exec: Check __FMODE_EXEC instead of in_execve for LSMs
After commit 978ffcbf00 ("execve: open the executable file before
doing anything else"), current->in_execve was no longer in sync with the
open(). This broke AppArmor and TOMOYO which depend on this flag to
distinguish "open" operations from being "exec" operations.

Instead of moving around in_execve, switch to using __FMODE_EXEC, which
is where the "is this an exec?" intent is stored. Note that TOMOYO still
uses in_execve around cred handling.

Reported-by: Kevin Locke <kevin@kevinlocke.name>
Closes: https://lore.kernel.org/all/ZbE4qn9_h14OqADK@kevinlocke.name
Suggested-by: Linus Torvalds <torvalds@linux-foundation.org>
Fixes: 978ffcbf00 ("execve: open the executable file before doing anything else")
Cc: Josh Triplett <josh@joshtriplett.org>
Cc: John Johansen <john.johansen@canonical.com>
Cc: Paul Moore <paul@paul-moore.com>
Cc: James Morris <jmorris@namei.org>
Cc: Serge E. Hallyn <serge@hallyn.com>
Cc: Kentaro Takeda <takedakn@nttdata.co.jp>
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Cc: Alexander Viro <viro@zeniv.linux.org.uk>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Jan Kara <jack@suse.cz>
Cc: Eric Biederman <ebiederm@xmission.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
Cc:  <linux-fsdevel@vger.kernel.org>
Cc:  <linux-mm@kvack.org>
Cc:  <apparmor@lists.ubuntu.com>
Cc:  <linux-security-module@vger.kernel.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2024-01-24 11:38:58 -08:00
..
include AppArmor: Add selfattr hooks 2023-11-12 22:54:42 -05:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c + Features 2024-01-19 10:53:55 -08:00
audit.c apparmor: add io_uring mediation 2023-10-18 15:58:49 -07:00
capability.c apparmor: Fix some kernel-doc comments 2023-10-23 00:25:49 -07:00
crypto.c apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256 2023-11-19 00:47:56 -08:00
domain.c apparmor: declare stack_msg as static 2023-11-19 00:48:12 -08:00
file.c apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
ipc.c apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
Kconfig apparmor: switch SECURITY_APPARMOR_HASH from sha1 to sha256 2023-11-19 00:47:56 -08:00
label.c apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
lib.c apparmor: fix possible memory leak in unpack_trans_table 2024-01-04 01:34:00 -08:00
lsm.c exec: Check __FMODE_EXEC instead of in_execve for LSMs 2024-01-24 11:38:58 -08:00
Makefile + Features 2022-12-14 13:42:09 -08:00
match.c apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
mount.c apparmor: Fix move_mount mediation by detecting if source is detached 2024-01-03 12:10:29 -08:00
net.c apparmor: refcount the pdb 2023-10-18 15:30:47 -07:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c security: apparmor: delete repeated words in comments 2021-02-07 04:15:46 -08:00
policy_compat.c apparmor: fixup return comments for kernel doc cleanups by Gaosheng Cui 2023-08-08 13:12:19 -07:00
policy_ns.c apparmor: remove unused functions in policy_ns.c/.h 2023-10-15 21:44:31 -07:00
policy_unpack_test.c apparmor: fix use of strcpy in policy_unpack_test 2023-07-06 10:58:49 -07:00
policy_unpack.c apparmor: Fix memory leak in unpack_profile() 2024-01-09 01:45:25 -08:00
policy.c apparmor: free the allocated pdb objects 2024-01-03 11:48:02 -08:00
procattr.c AppArmor: Add selfattr hooks 2023-11-12 22:54:42 -05:00
resource.c apparmor: pass cred through to audit info. 2023-10-18 15:30:38 -07:00
secid.c apparmor: fix kernel-doc complaints 2023-01-10 10:04:35 -08:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c apparmor: add missing params to aa_may_ptrace kernel-doc comments 2023-11-19 01:19:41 -08:00