Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3099681yba;
        Tue, 16 Apr 2019 04:51:50 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxdhTd8UiPUStzPM5m+b3TjKfGXvuZAGZaUAWnO7F9TzeL1Db3DjJiRPtQ4PPqt52eQ1sn4
X-Received: by 2002:a62:5144:: with SMTP id f65mr82977912pfb.13.1555415510537;
        Tue, 16 Apr 2019 04:51:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1555415510; cv=none;
        d=google.com; s=arc-20160816;
        b=Hre1qziQ/+tuptN49hcukBzZ8C+9pm6Gl0DEbV2DJZL3bcVgEWmh/hBwU0aMHTBH4v
         1VCGgbzQ1CU9/U1AZ32PvIt6Z+DYtsBNHopkyp6gqiKMn/7ljpW1YYI2tuyNxoff4nsP
         NoXmdrXK2ZBFQoL/o3HQgp+yLPwn5GWqymUIawPcK//nW3DzPY8IVDl39qoDC2XOdQLA
         HMrlZV04oD75BiJayifRfgjNNS09cI1mWyTlhVNlir9rTexd56+tAX/MWjBXEJ09Gp07
         L625ZMH6lGuJQ9iqA8ZsKzWcprCejfmnPgYK2ZL6mjlmuErXgSpcbojU/CU/agZQz3TI
         V90A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:mime-version:user-agent:message-id
         :in-reply-to:date:references:subject:cc:to:from;
        bh=CCsTjX5NuJA3uB7oGEiQe2qM+o7BLR1tIE9bub+RaJk=;
        b=D8ABG8uYQxrGq4NZYDP71QepCHb/XNQ49fL2eLGr0Dg4CbuJPU6KcEnhtwkpEiZHXT
         30udWGpxVT8eEu958Tad9unBz+QuE1X+v+AJ0+n23m0QddL6ydIjg9KX9ef3ObLq9A+G
         gTOpIzIEZsDPeWED/N34UXXdOc7x/pw0PNvi1bn19fkjMq/PZFh6jfYn4u1LlryqAUy9
         7vGhGpbS2HX7G27FtIxosLrvC1PD1U0/IAooKBs2L8MYCQG+N/GKymeJ9WJT/70oPIg1
         dbttIzYv+zBJq3jbOBrXP/GW+7wLjdDG4F91ZjCQ5lO/UEH5sOEbgPmuupwGNiXhl/vj
         i1mA==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id v4si45795430pgr.591.2019.04.16.04.51.34;
        Tue, 16 Apr 2019 04:51:50 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729450AbfDPLts (ORCPT <rfc822;rruigrok1@gmail.com> + 99 others);
        Tue, 16 Apr 2019 07:49:48 -0400
Received: from mx1.redhat.com ([209.132.183.28]:32856 "EHLO mx1.redhat.com"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726672AbfDPLts (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Tue, 16 Apr 2019 07:49:48 -0400
Received: from smtp.corp.redhat.com (int-mx05.intmail.prod.int.phx2.redhat.com [10.5.11.15])
        (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
        (No client certificate requested)
        by mx1.redhat.com (Postfix) with ESMTPS id 1832459460;
        Tue, 16 Apr 2019 11:49:47 +0000 (UTC)
Received: from oldenburg2.str.redhat.com (unknown [10.36.118.39])
        by smtp.corp.redhat.com (Postfix) with ESMTPS id 1FFA45D71A;
        Tue, 16 Apr 2019 11:49:40 +0000 (UTC)
From:   Florian Weimer <fweimer@redhat.com>
To:     Steve Grubb <sgrubb@redhat.com>
Cc:     Jan Kara <jack@suse.cz>,
        =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= <mic@digikod.net>,
        linux-kernel@vger.kernel.org, Al Viro <viro@zeniv.linux.org.uk>,
        James Morris <jmorris@namei.org>,
        Jonathan Corbet <corbet@lwn.net>,
        Kees Cook <keescook@chromium.org>,
        Matthew Garrett <mjg59@google.com>,
        Michael Kerrisk <mtk.manpages@gmail.com>,
        =?utf-8?Q?Micka=C3=ABl_Sala=C3=BCn?= <mickael.salaun@ssi.gouv.fr>,
        Mimi Zohar <zohar@linux.ibm.com>,
        Philippe =?utf-8?Q?Tr=C3=A9buchet?= 
        <philippe.trebuchet@ssi.gouv.fr>, Shuah Khan <shuah@kernel.org>,
        Thibaut Sautereau <thibaut.sautereau@ssi.gouv.fr>,
        Vincent Strubel <vincent.strubel@ssi.gouv.fr>,
        Yves-Alexis Perez <yves-alexis.perez@ssi.gouv.fr>,
        kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org,
        linux-security-module@vger.kernel.org,
        linux-fsdevel@vger.kernel.org,
        Matthew Bobrowski <mbobrowski@mbobrowski.org>
Subject: Re: [RFC PATCH v1 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
References: <20181212081712.32347-1-mic@digikod.net>
        <20181212081712.32347-2-mic@digikod.net>
        <20181212144306.GA19945@quack2.suse.cz> <3452959.b6JmBh7Lnt@x2>
Date:   Tue, 16 Apr 2019 13:49:39 +0200
In-Reply-To: <3452959.b6JmBh7Lnt@x2> (Steve Grubb's message of "Mon, 15 Apr
        2019 14:47:49 -0400")
Message-ID: <87wojuxj8s.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.15
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.39]); Tue, 16 Apr 2019 11:49:47 +0000 (UTC)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

* Steve Grubb:

> This flag that is being proposed means that you would have to patch all 
> interpreters to use it. If you are sure that upstreams will accept that, why 
> not just change the policy to interpreters shouldn't execute anything unless 
> the execute bit is set? That is simpler and doesn't need a kernel change. And 
> setting the execute bit is an auditable event.

I think we need something like O_MAYEXEC so that security policies can
be enforced and noexec mounts can be detected.  I don't think it's a
good idea to do this in userspace, especially the latter.

Thanks,
Florian