Date: Thu, 13 Dec 2018 06:51:53 +1100 (AEDT)
From: James Morris
To: Mickaël Salaün
cc: linux-kernel@vger.kernel.org, Al Viro, Jonathan Corbet, Kees Cook, Matthew Garrett, Michael Kerrisk, Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Shuah Khan, Thibaut Sautereau, Vincent Strubel, Yves-Alexis Perez, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC
In-Reply-To: <20181212081712.32347-1-mic@digikod.net>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, 12 Dec 2018, Mickaël Salaün wrote:

> Hi,
>
> The goal of this patch series is to control script interpretation. A
> new O_MAYEXEC flag used by sys_open() is added to enable userland script
> interpreter to delegate to the kernel (and thus the system security
> policy) the permission to interpret scripts or other files containing
> what can be seen as commands.
>
> The security policy is the responsibility of an LSM. A basic
> system-wide policy is implemented with Yama and configurable through a
> sysctl.

If you're depending on the script interpreter to flag that the user may
execute code, this seems to be equivalent in security terms to depending
on the user. e.g. what if the user uses ptrace and clears O_MAYEXEC?

--
James Morris