Date: Thu, 13 Dec 2018 04:16:46 -0800 From: Matthew Wilcox <willy@...radead.org> To: Mimi Zohar <zohar@...ux.ibm.com> Cc: Mickaël Salaün <mic@...ikod.net>, linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>, James Morris <jmorris@...ei.org>, Jonathan Corbet <corbet@....net>, Kees Cook <keescook@...omium.org>, Matthew Garrett <mjg59@...gle.com>, Michael Kerrisk <mtk.manpages@...il.com>, Mickaël Salaün <mickael.salaun@....gouv.fr>, Philippe Trébuchet <philippe.trebuchet@....gouv.fr>, Shuah Khan <shuah@...nel.org>, Thibaut Sautereau <thibaut.sautereau@....gouv.fr>, Vincent Strubel <vincent.strubel@....gouv.fr>, Yves-Alexis Perez <yves-alexis.perez@....gouv.fr>, kernel-hardening@...ts.openwall.com, linux-api@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC On Thu, Dec 13, 2018 at 06:04:20AM -0500, Mimi Zohar wrote: > > I don't have a problem with the concept, but we're running low on O_ bits. > > Does this have to be done before the process gets a file descriptor, > > or could we have a new syscall? Since we're going to be changing the > > interpreters anyway, it doesn't seem like too much of an imposition to > > ask them to use: > > > > int verify_for_exec(int fd) > > > > instead of adding an O_MAYEXEC. > > The indication needs to be set during file open, before the open > returns to the caller. This is the point where ima_file_check() > verifies the file's signature. On failure, access to the file is > denied. I understand that's what happens today, but do we need to do it that way? There's no harm in the interpreter having an fd to a file if it knows not to execute it. This is different from a program opening a file and having the LSM deny access to it because it violates the security model.
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.