Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 13 Dec 2018 04:16:46 -0800
From: Matthew Wilcox <>
To: Mimi Zohar <>
Cc: Mickaël Salaün <>,, Al Viro <>,
	James Morris <>, Jonathan Corbet <>,
	Kees Cook <>,
	Matthew Garrett <>,
	Michael Kerrisk <>,
	Mickaël Salaün <>,
	Philippe Trébuchet <>,
	Shuah Khan <>,
	Thibaut Sautereau <>,
	Vincent Strubel <>,
	Yves-Alexis Perez <>,,,,
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

On Thu, Dec 13, 2018 at 06:04:20AM -0500, Mimi Zohar wrote:
> > I don't have a problem with the concept, but we're running low on O_ bits.
> > Does this have to be done before the process gets a file descriptor,
> > or could we have a new syscall?  Since we're going to be changing the
> > interpreters anyway, it doesn't seem like too much of an imposition to
> > ask them to use:
> > 
> > 	int verify_for_exec(int fd)
> > 
> > instead of adding an O_MAYEXEC.
> The indication needs to be set during file open, before the open
> returns to the caller.  This is the point where ima_file_check()
> verifies the file's signature.  On failure, access to the file is
> denied.

I understand that's what happens today, but do we need to do it that way?
There's no harm in the interpreter having an fd to a file if it knows
not to execute it.  This is different from a program opening a file and
having the LSM deny access to it because it violates the security model.

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.