kernel-hardening - Re: [RFC PATCH v1 0/5] Add support for O

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Wed, 12 Dec 2018 21:13:16 +0100
From: Florian Weimer <fweimer@...hat.com>
To: James Morris <jmorris@...ei.org>
Cc: Mickaël Salaün <mic@...ikod.net>,
  linux-kernel@...r.kernel.org,  Al Viro <viro@...iv.linux.org.uk>,
  Jonathan Corbet <corbet@....net>,  Kees Cook <keescook@...omium.org>,
  Matthew Garrett <mjg59@...gle.com>,  Michael Kerrisk
 <mtk.manpages@...il.com>,  Mickaël Salaün
 <mickael.salaun@....gouv.fr>,  Mimi Zohar <zohar@...ux.ibm.com>,  Philippe
 Trébuchet <philippe.trebuchet@....gouv.fr>,  Shuah Khan
 <shuah@...nel.org>,  Thibaut Sautereau <thibaut.sautereau@....gouv.fr>,
  Vincent Strubel <vincent.strubel@....gouv.fr>,  Yves-Alexis Perez
 <yves-alexis.perez@....gouv.fr>,  kernel-hardening@...ts.openwall.com,
  linux-api@...r.kernel.org,  linux-security-module@...r.kernel.org,
  linux-fsdevel@...r.kernel.org
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

* James Morris:

> If you're depending on the script interpreter to flag that the user may 
> execute code, this seems to be equivalent in security terms to depending 
> on the user.  e.g. what if the user uses ptrace and clears O_MAYEXEC?

The argument I've heard is this: Using ptrace (and adding the +x
attribute) are auditable events.

Florian

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.