Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 12 Dec 2018 19:02:28 -0800
From: Matthew Wilcox <>
To: Mickaël Salaün <>
Cc:, Al Viro <>,
	James Morris <>, Jonathan Corbet <>,
	Kees Cook <>,
	Matthew Garrett <>,
	Michael Kerrisk <>,
	Mickaël Salaün <>,
	Mimi Zohar <>,
	Philippe Trébuchet <>,
	Shuah Khan <>,
	Thibaut Sautereau <>,
	Vincent Strubel <>,
	Yves-Alexis Perez <>,,,,
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

On Wed, Dec 12, 2018 at 09:17:07AM +0100, Mickaël Salaün wrote:
> The goal of this patch series is to control script interpretation.  A
> new O_MAYEXEC flag used by sys_open() is added to enable userland script
> interpreter to delegate to the kernel (and thus the system security
> policy) the permission to interpret scripts or other files containing
> what can be seen as commands.

I don't have a problem with the concept, but we're running low on O_ bits.
Does this have to be done before the process gets a file descriptor,
or could we have a new syscall?  Since we're going to be changing the
interpreters anyway, it doesn't seem like too much of an imposition to
ask them to use:

	int verify_for_exec(int fd)

instead of adding an O_MAYEXEC.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.