Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3099681yba; Tue, 16 Apr 2019 04:51:50 -0700 (PDT) X-Google-Smtp-Source: APXvYqxdhTd8UiPUStzPM5m+b3TjKfGXvuZAGZaUAWnO7F9TzeL1Db3DjJiRPtQ4PPqt52eQ1sn4 X-Received: by 2002:a62:5144:: with SMTP id f65mr82977912pfb.13.1555415510537; Tue, 16 Apr 2019 04:51:50 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555415510; cv=none; d=google.com; s=arc-20160816; b=Hre1qziQ/+tuptN49hcukBzZ8C+9pm6Gl0DEbV2DJZL3bcVgEWmh/hBwU0aMHTBH4v 1VCGgbzQ1CU9/U1AZ32PvIt6Z+DYtsBNHopkyp6gqiKMn/7ljpW1YYI2tuyNxoff4nsP NoXmdrXK2ZBFQoL/o3HQgp+yLPwn5GWqymUIawPcK//nW3DzPY8IVDl39qoDC2XOdQLA HMrlZV04oD75BiJayifRfgjNNS09cI1mWyTlhVNlir9rTexd56+tAX/MWjBXEJ09Gp07 L625ZMH6lGuJQ9iqA8ZsKzWcprCejfmnPgYK2ZL6mjlmuErXgSpcbojU/CU/agZQz3TI V90A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:mime-version:user-agent:message-id :in-reply-to:date:references:subject:cc:to:from; bh=CCsTjX5NuJA3uB7oGEiQe2qM+o7BLR1tIE9bub+RaJk=; b=D8ABG8uYQxrGq4NZYDP71QepCHb/XNQ49fL2eLGr0Dg4CbuJPU6KcEnhtwkpEiZHXT 30udWGpxVT8eEu958Tad9unBz+QuE1X+v+AJ0+n23m0QddL6ydIjg9KX9ef3ObLq9A+G gTOpIzIEZsDPeWED/N34UXXdOc7x/pw0PNvi1bn19fkjMq/PZFh6jfYn4u1LlryqAUy9 7vGhGpbS2HX7G27FtIxosLrvC1PD1U0/IAooKBs2L8MYCQG+N/GKymeJ9WJT/70oPIg1 dbttIzYv+zBJq3jbOBrXP/GW+7wLjdDG4F91ZjCQ5lO/UEH5sOEbgPmuupwGNiXhl/vj i1mA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id v4si45795430pgr.591.2019.04.16.04.51.34; Tue, 16 Apr 2019 04:51:50 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729450AbfDPLts (ORCPT + 99 others); Tue, 16 Apr 2019 07:49:48 -0400 Received: from mx1.redhat.com ([209.132.183.28]:32856 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726672AbfDPLts (ORCPT ); Tue, 16 Apr 2019 07:49:48 -0400 Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 1832459460; Tue, 16 Apr 2019 11:49:47 +0000 (UTC) Received: from oldenburg2.str.redhat.com (unknown [10.36.118.39]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 1FFA45D71A; Tue, 16 Apr 2019 11:49:40 +0000 (UTC) From: Florian Weimer To: Steve Grubb Cc: Jan Kara , =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= , linux-kernel@vger.kernel.org, Al Viro , James Morris , Jonathan Corbet , Kees Cook , Matthew Garrett , Michael Kerrisk , =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= , Mimi Zohar , Philippe =?utf-8?Q?Tr=C3=A9buchet?= , Shuah Khan , Thibaut Sautereau , Vincent Strubel , Yves-Alexis Perez , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org, Matthew Bobrowski Subject: Re: [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open() References: <20181212081712.32347-1-mic@digikod.net> <20181212081712.32347-2-mic@digikod.net> <20181212144306.GA19945@quack2.suse.cz> <3452959.b6JmBh7Lnt@x2> Date: Tue, 16 Apr 2019 13:49:39 +0200 In-Reply-To: <3452959.b6JmBh7Lnt@x2> (Steve Grubb's message of "Mon, 15 Apr 2019 14:47:49 -0400") Message-ID: <87wojuxj8s.fsf@oldenburg2.str.redhat.com> User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 16 Apr 2019 11:49:47 +0000 (UTC) Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org * Steve Grubb: > This flag that is being proposed means that you would have to patch all > interpreters to use it. If you are sure that upstreams will accept that, why > not just change the policy to interpreters shouldn't execute anything unless > the execute bit is set? That is simpler and doesn't need a kernel change. And > setting the execute bit is an auditable event. I think we need something like O_MAYEXEC so that security policies can be enforced and noexec mounts can be detected. I don't think it's a good idea to do this in userspace, especially the latter. Thanks, Florian