fs: binfmt_elf_efpic: don't use missing interpreter's properties

Static FDPIC executable may get an executable stack even when it has
non-executable GNU_STACK segment. This happens when STACK segment has rw
permissions, but does not specify stack size. In that case FDPIC loader
uses permissions of the interpreter's stack, and for static executables
with no interpreter it results in choosing the arch-default permissions
for the stack.

Fix that by using the interpreter's properties only when the interpreter
is actually used.

Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Link: https://lore.kernel.org/r/20240118150637.660461-1-jcmvbkbc@gmail.com
Signed-off-by: Kees Cook <keescook@chromium.org>

diff --git a/fs/binfmt_elf_fdpic.c b/fs/binfmt_elf_fdpic.c
index fefc642541cbe421af17506458af4d225c736374..1920ed69279b5805f21ba66772dd661b6e3042e8 100644 (file)
--- a/fs/binfmt_elf_fdpic.c
+++ b/fs/binfmt_elf_fdpic.c
@@ -320,7 +320,7 @@ static int load_elf_fdpic_binary(struct linux_binprm *bprm)
        else
                executable_stack = EXSTACK_DEFAULT;
 
-       if (stack_size == 0) {
+       if (stack_size == 0 && interp_params.flags & ELF_FDPIC_FLAG_PRESENT) {
                stack_size = interp_params.stack_size;
                if (interp_params.flags & ELF_FDPIC_FLAG_EXEC_STACK)
                        executable_stack = EXSTACK_ENABLE_X;