Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp450943imu; Wed, 12 Dec 2018 21:14:57 -0800 (PST) X-Google-Smtp-Source: AFSGD/WvHNNN1XPi+KKwg/9bWipBVMQIyViHtmAukwHBCrWwv12Ly7FoOte9+6XZQ4CGo0fTP6Ui X-Received: by 2002:a17:902:be08:: with SMTP id r8mr8707900pls.289.1544678096940; Wed, 12 Dec 2018 21:14:56 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544678096; cv=none; d=google.com; s=arc-20160816; b=J/Ls0I9Qsa9R1P8CkhtSwbE17R2fpO0uYxOWIGuvv0TUSi1hNcupNvuzIzw18r3kwU vVX4FcLPvEPIh0IopUy4IpZyX7W8fmwDT2oVZUckM3XBP+iyRnu3RH67ylKxoBN9T2Si TitmPrBiKkN1KWCytMoazwlYsMiMrghaFlIbVo51O0cKt5J/n5wqktq+LVCwzuyQ30EK 3tVK5CGb4sNEDLK9/ZENHCEFmZlgtYhQHck1iUXOU9X3ryBk6Y6VHZi7QvL0pppecm4/ m3+GHSqA6z3ehA4ZeBVxj4iNj4JSCxapwUfHxwE5gKmdaK8fRmdKrVfqiML71dY/ADjy NY5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from; bh=feoTYMFmdkAZ1ZDgCKGfmdgHBEI1lfyiZiiQODvBCnA=; b=dcvxIAGiFFC1Pj6NDQUezGQ+F2SKE+kKfWqmBPR/mcqzuZCLTD81YPlg7xShBnVGJ3 fyJV3Gcx98KK3OVbbR/basjmwb4rAwQSUykfam8Gm/zbYC8yfQNheo1S4WdUsXMmMbXz PEEqajonT4FVzG3DYHx/4izJFDzgxUjS0A9AJSbIT8VGtR/vhNZkX5M+DBZkREZurzMz TlkTaJh285trXKChIf1dFLWpK73tEHFH7AoDbh/tOrG5xZft7Nx6/k2IQwESjjbIrAFc V/0ZvFE7q556RRlEEm9oQChIgmyGU3/jQR0pEZd70HiP4rfdHkSzMQRZjRaMc1/JrwpH EcGg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cd2si832980plb.39.2018.12.12.21.14.37; Wed, 12 Dec 2018 21:14:56 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726883AbeLMFNr (ORCPT + 99 others); Thu, 13 Dec 2018 00:13:47 -0500 Received: from mx1.redhat.com ([209.132.183.28]:49638 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726593AbeLMFNr (ORCPT ); Thu, 13 Dec 2018 00:13:47 -0500 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 0D00E307D843; Thu, 13 Dec 2018 05:13:46 +0000 (UTC) Received: from oldenburg2.str.redhat.com (ovpn-116-82.ams2.redhat.com [10.36.116.82]) by smtp.corp.redhat.com (Postfix) with ESMTPS id D2CB05D717; Thu, 13 Dec 2018 05:13:40 +0000 (UTC) From: Florian Weimer To: James Morris Cc: =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= , linux-kernel@vger.kernel.org, Al Viro , Jonathan Corbet , Kees Cook , Matthew Garrett , Michael Kerrisk , =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= , Mimi Zohar , Philippe =?utf-8?Q?Tr=C3=A9buchet?= , Shuah Khan , Thibaut Sautereau , Vincent Strubel , Yves-Alexis Perez , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC References: <20181212081712.32347-1-mic@digikod.net> <87lg4upkpv.fsf@oldenburg2.str.redhat.com> Date: Thu, 13 Dec 2018 06:13:39 +0100 In-Reply-To: (James Morris's message of "Thu, 13 Dec 2018 10:40:32 +1100 (AEDT)") Message-ID: <87ftv2ovp8.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.48]); Thu, 13 Dec 2018 05:13:47 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * James Morris: > On Wed, 12 Dec 2018, Florian Weimer wrote: > >> * James Morris: >> >> > If you're depending on the script interpreter to flag that the user may >> > execute code, this seems to be equivalent in security terms to depending >> > on the user. e.g. what if the user uses ptrace and clears O_MAYEXEC? >> >> The argument I've heard is this: Using ptrace (and adding the +x >> attribute) are auditable events. > > I guess you could also preload a modified libc which strips the flag. My understanding is that this new libc would have to come somewhere, and making it executable would be an auditable even as well. Thanks, Florian