Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp450943imu;
        Wed, 12 Dec 2018 21:14:57 -0800 (PST)
X-Google-Smtp-Source: AFSGD/WvHNNN1XPi+KKwg/9bWipBVMQIyViHtmAukwHBCrWwv12Ly7FoOte9+6XZQ4CGo0fTP6Ui
X-Received: by 2002:a17:902:be08:: with SMTP id r8mr8707900pls.289.1544678096940;
        Wed, 12 Dec 2018 21:14:56 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1544678096; cv=none;
        d=google.com; s=arc-20160816;
        b=J/Ls0I9Qsa9R1P8CkhtSwbE17R2fpO0uYxOWIGuvv0TUSi1hNcupNvuzIzw18r3kwU
         vVX4FcLPvEPIh0IopUy4IpZyX7W8fmwDT2oVZUckM3XBP+iyRnu3RH67ylKxoBN9T2Si
         TitmPrBiKkN1KWCytMoazwlYsMiMrghaFlIbVo51O0cKt5J/n5wqktq+LVCwzuyQ30EK
         3tVK5CGb4sNEDLK9/ZENHCEFmZlgtYhQHck1iUXOU9X3ryBk6Y6VHZi7QvL0pppecm4/
         m3+GHSqA6z3ehA4ZeBVxj4iNj4JSCxapwUfHxwE5gKmdaK8fRmdKrVfqiML71dY/ADjy
         NY5w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:message-id
         :in-reply-to:date:references:subject:cc:to:from;
        bh=feoTYMFmdkAZ1ZDgCKGfmdgHBEI1lfyiZiiQODvBCnA=;
        b=dcvxIAGiFFC1Pj6NDQUezGQ+F2SKE+kKfWqmBPR/mcqzuZCLTD81YPlg7xShBnVGJ3
         fyJV3Gcx98KK3OVbbR/basjmwb4rAwQSUykfam8Gm/zbYC8yfQNheo1S4WdUsXMmMbXz
         PEEqajonT4FVzG3DYHx/4izJFDzgxUjS0A9AJSbIT8VGtR/vhNZkX5M+DBZkREZurzMz
         TlkTaJh285trXKChIf1dFLWpK73tEHFH7AoDbh/tOrG5xZft7Nx6/k2IQwESjjbIrAFc
         V/0ZvFE7q556RRlEEm9oQChIgmyGU3/jQR0pEZd70HiP4rfdHkSzMQRZjRaMc1/JrwpH
         EcGg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id cd2si832980plb.39.2018.12.12.21.14.37;
        Wed, 12 Dec 2018 21:14:56 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726883AbeLMFNr (ORCPT <rfc822;rajatbajpailinux@gmail.com>
        + 99 others); Thu, 13 Dec 2018 00:13:47 -0500
Received: from mx1.redhat.com ([209.132.183.28]:49638 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726593AbeLMFNr (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 13 Dec 2018 00:13:47 -0500
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 0D00E307D843;
        Thu, 13 Dec 2018 05:13:46 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (ovpn-116-82.ams2.redhat.com [10.36.116.82])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id D2CB05D717;
        Thu, 13 Dec 2018 05:13:40 +0000 (UTC)
From:   Florian Weimer <fweimer@redhat.com>
To:     James Morris <jmorris@namei.org>
Cc:     =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>,
        linux-kernel@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Matthew Garrett <mjg59@google.com>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= <mickael.salaun@ssi.gouv.fr>,
        Mimi Zohar <zohar@linux.ibm.com>,
        Philippe =?utf-8?Q?Tr=C3=A9buchet?= 
        <philippe.trebuchet@ssi.gouv.fr>, Shuah Khan <shuah@kernel.org>,
        Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>,
        Vincent Strubel <vincent.strubel@ssi.gouv.fr>,
        Yves-Alexis Perez <yves-alexis.perez@ssi.gouv.fr>,
        kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-fsdevel@vger.kernel.org
Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC
References: <20181212081712.32347-1-mic@digikod.net>
        <alpine.LRH.2.21.1812130642250.29507@namei.org>
        <87lg4upkpv.fsf@oldenburg2.str.redhat.com>
        <alpine.LRH.2.21.1812131039400.7600@namei.org>
Date:   Thu, 13 Dec 2018 06:13:39 +0100
In-Reply-To: <alpine.LRH.2.21.1812131039400.7600@namei.org> (James Morris's
        message of "Thu, 13 Dec 2018 10:40:32 +1100 (AEDT)")
Message-ID: <87ftv2ovp8.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Thu, 13 Dec 2018 05:13:47 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

* James Morris:

> On Wed, 12 Dec 2018, Florian Weimer wrote:
>
>> * James Morris:
>> 
>> > If you're depending on the script interpreter to flag that the user may 
>> > execute code, this seems to be equivalent in security terms to depending 
>> > on the user.  e.g. what if the user uses ptrace and clears O_MAYEXEC?
>> 
>> The argument I've heard is this: Using ptrace (and adding the +x
>> attribute) are auditable events.
>
> I guess you could also preload a modified libc which strips the flag.

My understanding is that this new libc would have to come somewhere, and
making it executable would be an auditable even as well.

Thanks,
Florian