From 1ed95281c0c77dbb1540f9855cd3c5f19900f7a5 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 7 Apr 2025 11:54:19 +0200 Subject: [PATCH] anon_inode: raise SB_I_NODEV and SB_I_NOEXEC It isn't possible to execute anonymous inodes because they cannot be opened in any way after they have been created. This includes execution: execveat(fd_anon_inode, "", NULL, NULL, AT_EMPTY_PATH) Anonymous inodes have inode->f_op set to no_open_fops which sets no_open() which returns ENXIO. That means any call to do_dentry_open() which is the endpoint of the do_open_execat() will fail. There's no chance to execute an anonymous inode. Unless a given subsystem overrides it ofc. However, we should still harden this and raise SB_I_NODEV and SB_I_NOEXEC on the superblock itself so that no one gets any creative ideas. Link: https://lore.kernel.org/20250407-work-anon_inode-v1-5-53a44c20d44e@kernel.org Reviewed-by: Jeff Layton Cc: stable@vger.kernel.org # all LTS kernels Signed-off-by: Christian Brauner --- fs/anon_inodes.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/fs/anon_inodes.c b/fs/anon_inodes.c index cb51a90bece0..e51e7d88980a 100644 --- a/fs/anon_inodes.c +++ b/fs/anon_inodes.c @@ -86,6 +86,8 @@ static int anon_inodefs_init_fs_context(struct fs_context *fc) struct pseudo_fs_context *ctx = init_pseudo(fc, ANON_INODE_FS_MAGIC); if (!ctx) return -ENOMEM; + fc->s_iflags |= SB_I_NOEXEC; + fc->s_iflags |= SB_I_NODEV; ctx->dops = &anon_inodefs_dentry_operations; return 0; } -- 2.25.1