Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Dec 2018 21:13:16 +0100
From: Florian Weimer <>
To: James Morris <>
Cc: Mickaël Salaün <>,,  Al Viro <>,
  Jonathan Corbet <>,  Kees Cook <>,
  Matthew Garrett <>,  Michael Kerrisk
 <>,  Mickaël Salaün
 <>,  Mimi Zohar <>,  Philippe
 Trébuchet <>,  Shuah Khan
 <>,  Thibaut Sautereau <>,
  Vincent Strubel <>,  Yves-Alexis Perez
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

* James Morris:

> If you're depending on the script interpreter to flag that the user may 
> execute code, this seems to be equivalent in security terms to depending 
> on the user.  e.g. what if the user uses ptrace and clears O_MAYEXEC?

The argument I've heard is this: Using ptrace (and adding the +x
attribute) are auditable events.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.