Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp31526imu;
        Wed, 12 Dec 2018 11:56:01 -0800 (PST)
X-Google-Smtp-Source: AFSGD/UD/2WlPBlWXpsa2E3X+IrJvWOUgjye+OfwCMp3scZ9UyP6CXRIlNAid7l34UVjXR23MrsZ
X-Received: by 2002:a17:902:b18b:: with SMTP id s11mr20851298plr.56.1544644561251;
        Wed, 12 Dec 2018 11:56:01 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544644561; cv=none;
        d=google.com; s=arc-20160816;
        b=VG6HHfV9ULDU7a7gQNwsyurQUKyfYJYkXWSWHsd0rTMEd9p5rJImwSDSVTrH7K/zXc
         Ak9vzc+0w1hNWLb46MbxmKFkhQ4Fc7p+PHEbohtVkIIecoyzdfJ3B+cfulBCqz3RnG98
         TDx7D6DevgfLw3+CWsfxakYK5VZetcwGwqqJnsGGBx9DHoZGuHhE/9g7GxmuMaCPNYMx
         28LSkC8j3xNtLoGik/jK1yPuxFLhTU1hP/F+FuyWmpewNokJ98YqQbeB/B81CocgVZCF
         76VxSwUbwQLWhRd5PX0wTHIm4GEYQelI6aqM85MZx+BbWJP+VwJZ3mATjucBw8JD6euB
         JWqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-id:mime-version:user-agent
         :references:message-id:in-reply-to:subject:cc:to:from:date;
        bh=Ex5HZaXZrzKJAs+78CKO0lx8cHoBCqa60sXKJr/pBU4=;
        b=X2o0ksR+jYB6CaM2/9X4t0YJRruztwpveNzLbKGvvoxj7Xz4ieT8b3H2+tu4AmwLlO
         aIleaafp3Qgh1wBucOsTmaegB2I2O3Xli7E0lvaPNvVSZCAS7qtkH08Yl9hj9TU3w/Yv
         LYXZCB1NsLhN6pqKpdbe+4ASkkXwMxSz3Oixdd/TbhGUZ5ATzrE5Os38W4TfLN+7gJ7p
         cKBiZRIy+G4KafVvdM3PPwupIPfQgPkacLOM5p41UwDsQPZgxKi+Cb+SaG/j9wgI79tO
         j9CejVmKmxaCZUlZALXhR5AnQs3fW+qudRT2UG6HShUUO48Fg/Jrbt23xFB9x/Eim3bj
         VbfA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e9si15449180plt.330.2018.12.12.11.55.39;
        Wed, 12 Dec 2018 11:56:01 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727975AbeLLTwS (ORCPT <rfc822;chaneybenjamini@gmail.com>
        + 99 others); Wed, 12 Dec 2018 14:52:18 -0500
Received: from namei.org ([65.99.196.166]:51332 "EHLO namei.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726440AbeLLTwS (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 12 Dec 2018 14:52:18 -0500
Received: from localhost (localhost [127.0.0.1])
        by namei.org (8.14.4/8.14.4) with ESMTP id wBCJprLZ030130;
        Wed, 12 Dec 2018 19:51:53 GMT
Date:   Thu, 13 Dec 2018 06:51:53 +1100 (AEDT)
From:   James Morris <jmorris@namei.org>
To:     =?ISO-8859-15?Q?Micka=EBl_Sala=FCn?= <mic@digikod.net>
cc:     linux-kernel@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Matthew Garrett <mjg59@google.com>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        =?ISO-8859-15?Q?Micka=EBl_Sala=FCn?= <mickael.salaun@ssi.gouv.fr>,
        Mimi Zohar <zohar@linux.ibm.com>,
        =?ISO-8859-15?Q?Philippe_Tr=E9buchet?= 
        <philippe.trebuchet@ssi.gouv.fr>, Shuah Khan <shuah@kernel.org>,
        Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>,
        Vincent Strubel <vincent.strubel@ssi.gouv.fr>,
        Yves-Alexis Perez <yves-alexis.perez@ssi.gouv.fr>,
        kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC
In-Reply-To: <20181212081712.32347-1-mic@digikod.net>
Message-ID: <alpine.LRH.2.21.1812130642250.29507@namei.org>
References: <20181212081712.32347-1-mic@digikod.net>
User-Agent: Alpine 2.21 (LRH 202 2017-01-01)
MIME-Version: 1.0
Content-Type: multipart/mixed; BOUNDARY="1665246916-1625860249-1544644091=:29507"
Content-ID: <alpine.LRH.2.21.1812130649470.29507@namei.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--1665246916-1625860249-1544644091=:29507
Content-Type: text/plain; CHARSET=ISO-8859-15
Content-Transfer-Encoding: 8BIT
Content-ID: <alpine.LRH.2.21.1812130649471.29507@namei.org>

On Wed, 12 Dec 2018, Micka?l Sala?n wrote:

> Hi,
> 
> The goal of this patch series is to control script interpretation.  A
> new O_MAYEXEC flag used by sys_open() is added to enable userland script
> interpreter to delegate to the kernel (and thus the system security
> policy) the permission to interpret scripts or other files containing
> what can be seen as commands.
> 
> The security policy is the responsibility of an LSM.  A basic
> system-wide policy is implemented with Yama and configurable through a
> sysctl.

If you're depending on the script interpreter to flag that the user may 
execute code, this seems to be equivalent in security terms to depending 
on the user.  e.g. what if the user uses ptrace and clears O_MAYEXEC?

 



-- 
James Morris
<jmorris@namei.org>
--1665246916-1625860249-1544644091=:29507--