Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2070083imu;
        Wed, 12 Dec 2018 09:02:10 -0800 (PST)
X-Google-Smtp-Source: AFSGD/XVdl+/w0QvfTT91Xsjx3HMhCouFG5h9WPOzcs8HCYJ+PrRpxsJV+IzECNN/n+ZWOOqqNzf
X-Received: by 2002:a62:7796:: with SMTP id s144mr20751630pfc.26.1544634130401;
        Wed, 12 Dec 2018 09:02:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544634130; cv=none;
        d=google.com; s=arc-20160816;
        b=WnxyRWIfacm1Re8dbH7KqroiPED57a3m5a7DJm5vqu0ZQwIobcfBO1BOqJD97cXZNS
         AF4NGIP2HtewNB+8YT0CCO8gfsIdWYzQxNnVN1gyYpRr45B4mKHuXqAgh+VJ+XeHtbFK
         5eaSNkobA2o3kIMgShf3q3HjHiENHk05PHFv4NrD/yVooQWCmDU59nJrIjAnj4Ror5U4
         F4aGxxN6HuWEXfEbW/OUtntfQN+wCFONuUW4URQY5Ncg6UJYObVOdJVwNSF4pqOxFZ68
         lEky6dHAjCTcXdhtS6dOwciea0KPZ17E2kqfCEkPnBgxolgmeBpbFrWpOs+d1il47DVy
         ZUNQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding
         :content-language:in-reply-to:mime-version:user-agent:date
         :message-id:from:references:cc:to:subject:dkim-signature;
        bh=ihOtmNqY6SVpSEpo+JHarD+jucKAimXrsTh73fhWD90=;
        b=P7lsg3JU98L5j/D4mbOkwcbzm54EHfVLe6opc+pjeTeo9/3JLZmTNkScQK5/+Mul0H
         NBR93TKrdZqY17zjURaqTED2gy2RN8cxSj6498OkHmAHdmMB4yDul8sQ+v/Bb1ARNSSl
         Xxm7evDCAWTDNXHSvtJiaXLb0J60oSpPEL8UPUlz1aIYDPV1QUVGYyqaRv1lv+4+un39
         jjKbosiYCljRQ2n2HV4AIzyME65HTJJATiWod34jGljH7XjgshIDZEsyVK4Amfj/t1P8
         mz7aFoMEDc1aMC1v5wG0KeFfjpRnIrJG64HHCfYzrpBvSLJ+JIQ9X25Ke7XiY0WC+4F2
         f7Iw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@ssi.gouv.fr header.s=20160407 header.b="Ph/RkYFS";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id j70si14518517pgd.138.2018.12.12.09.01.54;
        Wed, 12 Dec 2018 09:02:10 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@ssi.gouv.fr header.s=20160407 header.b="Ph/RkYFS";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727937AbeLLRBA (ORCPT <rfc822;huangleihappily@gmail.com>
        + 99 others); Wed, 12 Dec 2018 12:01:00 -0500
Received: from smtp-out.ssi.gouv.fr ([86.65.182.90]:50040 "EHLO
        smtp-out.ssi.gouv.fr" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727681AbeLLRA7 (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Dec 2018 12:00:59 -0500
Received: from smtp-out.ssi.gouv.fr (localhost [127.0.0.1])
        by smtp-out.ssi.gouv.fr (Postfix) with ESMTP id 02B7DD0006B;
        Wed, 12 Dec 2018 18:01:06 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=ssi.gouv.fr;
        s=20160407; t=1544634066;
        bh=PGQIfl8GvoOs1KqhFUvGy6lVfeojWfWYhz5V40aZpE4=;
        h=Subject:To:CC:References:From:Date:In-Reply-To:From:Subject;
        b=Ph/RkYFSEdsJ4++lI5qLDDZdMG1C1S6JQeFJOud5umJUer1+Aaze6y3zUKMwIxXXx
         JDeBkS4r3nl2u2jwYAxNqkbp6MlRJewHdi9rmMz5vJvzr8Nl4f+0zRe72vwsrUHYc2
         FDJWuGTpwsugXGEMKFliheCe4aCNBhi+AJqPGOvJ/yertoUPer5SKpore4AqQRV5/3
         r5yTCgLBPUKWiiV8dFtR/bn5FBh93kSq+24YNL32eShjmjsA5qwR6m1flvj7yN8Bx1
         NfziqZgwIYMhKwfXE2LK0a5Sm/f7KWV+T7ZvhgvR1KTd3V+805WZGxLVRI3vvJhq//
         8fRwnG5ZFPDXg==
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC
To:     Jordan Glover <Golden_Miller83@protonmail.ch>,
        =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= <mic@digikod.net>
CC:     "linux-kernel@vger.kernel.org" <linux-kernel@vger.kernel.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        James Morris <jmorris@namei.org>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Matthew Garrett <mjg59@google.com>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        Mimi Zohar <zohar@linux.ibm.com>,
        =?UTF-8?Q?Philippe_Tr=c3=a9buchet?= 
        <philippe.trebuchet@ssi.gouv.fr>, Shuah Khan <shuah@kernel.org>,
        Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>,
        Vincent Strubel <vincent.strubel@ssi.gouv.fr>,
        Yves-Alexis Perez <yves-alexis.perez@ssi.gouv.fr>,
        "kernel-hardening@lists.openwall.com" 
        <kernel-hardening@lists.openwall.com>,
        "linux-api@vger.kernel.org" <linux-api@vger.kernel.org>,
        "linux-security-module@vger.kernel.org" 
        <linux-security-module@vger.kernel.org>,
        "linux-fsdevel@vger.kernel.org" <linux-fsdevel@vger.kernel.org>
References: <20181212081712.32347-1-mic@digikod.net>
 <ML-sxPRwNNExkZHkXghYN7e3VrhuZXYLjFv-aniX8qbjcde2GfHMBaI4B3A7IoUEfycQcWCPuxATkYHOz--FqMjH1KRwxMxBCb6Q-1IsKTM=@protonmail.ch>
From:   =?UTF-8?Q?Micka=c3=abl_Sala=c3=bcn?= <mickael.salaun@ssi.gouv.fr>
Message-ID: <7c498761-7d74-956c-01df-1c8f39c10519@ssi.gouv.fr>
Date:   Wed, 12 Dec 2018 18:01:04 +0100
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:52.0) Gecko/20100101
 Thunderbird/52.6.0
MIME-Version: 1.0
In-Reply-To: <ML-sxPRwNNExkZHkXghYN7e3VrhuZXYLjFv-aniX8qbjcde2GfHMBaI4B3A7IoUEfycQcWCPuxATkYHOz--FqMjH1KRwxMxBCb6Q-1IsKTM=@protonmail.ch>
Content-Type: text/plain; charset="utf-8"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org


Le 12/12/2018 à 17:29, Jordan Glover a écrit :
> On Wednesday, December 12, 2018 9:17 AM, Mickaël Salaün <mic@digikod.net> wrote:
> 
>> Hi,
>>
>> The goal of this patch series is to control script interpretation. A
>> new O_MAYEXEC flag used by sys_open() is added to enable userland script
>> interpreter to delegate to the kernel (and thus the system security
>> policy) the permission to interpret scripts or other files containing
>> what can be seen as commands.
>>
>> The security policy is the responsibility of an LSM. A basic
>> system-wide policy is implemented with Yama and configurable through a
>> sysctl.
>>
>> The initial idea come from CLIP OS and the original implementation has
>> been used for more than 10 years:
>> https://github.com/clipos-archive/clipos4_doc
>>
>> An introduction to O_MAYEXEC was given at the Linux Security Summit
>> Europe 2018 - Linux Kernel Security Contributions by ANSSI:
>> https://www.youtube.com/watch?v=chNjCRtPKQY&t=17m15s
>> The "write xor execute" principle was explained at Kernel Recipes 2018 -
>> CLIP OS: a defense-in-depth OS:
>> https://www.youtube.com/watch?v=PjRE0uBtkHU&t=11m14s
>>
>> This patch series can be applied on top of v4.20-rc6. This can be
>> tested with CONFIG_SECURITY_YAMA. I would really appreciate
>> constructive comments on this RFC.
>>
>> Regards,
>>
> 
> Are various interpreters upstreams interested in adding support
> for O_MAYEXEC if it land in kernel? Did you contacted them about this?

I think the first step is to be OK on the kernel side. We will then be
able to help upstream interpreters implement this feature. It should be
OK because the behavior doesn't change by default, i.e. if the sysadmin
doesn't configure (and test) the whole system. Some examples of modified
interpreters can be found at
https://github.com/clipos-archive/clipos4_portage-overlay/search?q=O_MAYEXEC
.

 Mickaël