Reconsider blocking of memfd_create with mdwe

[rusty-snake]

We block memfd_create with mdwe because you can

int fd = memfd_create(...);
write(fd, malicious_code, sizeof(malicious_code));
mmap(..., PROT_EXEC, ..., fd);

However you can also do

int fd = open("/tmp", O_TMPFILE);
write(fd, malicious_code, sizeof(malicious_code));
mmap(..., PROT_EXEC, ..., fd);

you can't? Should we block creat/open(at(2)) too? Or miss I something that makes memfd_create special?

Moreover there are a lot programs (GDK) which use memfd_create but no W&X memory which has lead to the removal of mdwe from a lot profiles.

[topimiettinen]

I don't have a strong opinion here. memfd_create can be blocked separately, or maybe there could be a way to specify the method used by MDWE for each app.

Memory W^X policy should be complemented with file system W^X policy (noexec /tmp etc). Though there are better tricks which can evade that too.

Perhaps one day the (too) simple seccomp MDWE will be replaced with an improved in-kernel version:
https://lore.kernel.org/linux-hardening/[email protected]/T/#u