On Mon, Apr 07, 2025 at 04:07:47PM +0200, Jan Kara wrote: > On Mon 07-04-25 11:54:19, Christian Brauner wrote: > > It isn't possible to execute anoymous inodes because they cannot be > ^^ anonymous > > > opened in any way after they have been created. This includes execution: > > > > execveat(fd_anon_inode, "", NULL, NULL, AT_EMPTY_PATH) > > > > Anonymous inodes have inode->f_op set to no_open_fops which sets > > no_open() which returns ENXIO. That means any call to do_dentry_open() > > which is the endpoint of the do_open_execat() will fail. There's no > > chance to execute an anonymous inode. Unless a given subsystem overrides > > it ofc. > > > > Howerver, we should still harden this and raise SB_I_NODEV and > ^^^ However > > > SB_I_NOEXEC on the superblock itself so that no one gets any creative > > ideas. > > ;) I've told our new AI overloards to sprinkle-in some typos so no one realizes I've been mostly replaced by a bot. Or I'm just generally tired so I fat-finger a lot more than usual. :D > > Feel free to add: > > Reviewed-by: Jan Kara <jack@xxxxxxx> > > Honza > > > > > Cc: <stable@xxxxxxxxxxxxxxx> # all LTS kernels > > Signed-off-by: Christian Brauner <brauner@xxxxxxxxxx> > > --- > > fs/anon_inodes.c | 2 ++ > > 1 file changed, 2 insertions(+) > > > > diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c > > index cb51a90bece0..e51e7d88980a 100644 > > --- a/fs/anon_inodes.c > > +++ b/fs/anon_inodes.c > > @@ -86,6 +86,8 @@ static int anon_inodefs_init_fs_context(struct fs_context *fc) > > struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); > > if (!ctx) > > return -ENOMEM; > > + fc->s_iflags |= SB_I_NOEXEC; > > + fc->s_iflags |= SB_I_NODEV; > > ctx->dops = &anon_inodefs_dentry_operations; > > return 0; > > } > > > > -- > > 2.47.2 > > > -- > Jan Kara <jack@xxxxxxxx> > SUSE Labs, CR
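
Review bot: The two added lines in anon_inodefs_init_fs_context() set the flags without saying why, although the commit message itself states that anonymous inodes already cannot be opened or executed. A short comment above them saying that this is defense in depth for the case where a subsystem overrides the default file operations would keep a later cleanup from dropping the flags as redundant. As a style point, the two statements can be folded into one: fc->s_iflags |= SB_I_NOEXEC | SB_I_NODEV;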
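
The refusal described in the commit message above can be checked from userspace. The following is an added example, not code from the thread or the kernel tree; it assumes an eventfd as the sample anonymous inode, and the function and macro names are made up for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/eventfd.h>
#include <sys/syscall.h>
#include <sys/vfs.h>
#include <unistd.h>

#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif
/* Value of ANON_INODE_FS_MAGIC in include/uapi/linux/magic.h. */
#define ANON_MAGIC 0x09041934L

/*
 * Try to execute an anonymous inode through its fd, as in the commit message.
 * Returns the errno of the refused execveat(), or -1 if setup failed.
 * *on_anon_fs is set to 1 when fstatfs() reports the anon_inodefs magic.
 */
int exec_anon_inode_errno(int *on_anon_fs)
{
    struct statfs sfs;
    char *argv[] = { "anon", NULL };
    char *envp[] = { NULL };
    int err;
    int fd = eventfd(0, 0); /* assumption: eventfd as the sample anon inode */

    if (fd < 0)
        return -1;
    *on_anon_fs = fstatfs(fd, &sfs) == 0 && (long)sfs.f_type == ANON_MAGIC;

    /* A successful exec never returns, so reaching the next line means refusal. */
    syscall(SYS_execveat, fd, "", argv, envp, AT_EMPTY_PATH);
    err = errno;
    close(fd);
    return err;
}

int main(void)
{
    int on_anon_fs = 0;
    int err = exec_anon_inode_errno(&on_anon_fs);

    if (err < 0) { perror("eventfd"); return 2; }
    printf("on anon_inodefs: %s, execveat refused: %s\n",
           on_anon_fs ? "yes" : "no", strerror(err));
    return 0;
}
```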