search

landlock-lsm / linux

Linux kernel - See Landlock issues
https://git.kernel.org/pub/scm/linux/kernel/git/mic/linux.git/
Other
33 stars 9 forks source link

Restrict executing on `memfd` #37

Open sisungo opened 2 days ago

sisungo commented 2 days ago

We can run executable files that are only given read but not execute access by copying them into a memfd and then call fexecve on the file descriptor. Should we restrict this?