From: Florian Weimer
To: Mickaël Salaün
Cc: linux-kernel@vger.kernel.org, Aleksa Sarai, Alexei Starovoitov, Al Viro, Andy Lutomirski, Christian Heimes, Daniel Borkmann, Eric Chiang, James Morris, Jan Kara, Jann Horn, Jonathan Corbet, Kees Cook, Matthew Garrett, Matthew Wilcox, Michael Kerrisk, Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Scott Shell, Sean Christopherson, Shuah Khan, Song Liu, Steve Dower, Steve Grubb, Thibaut Sautereau, Vincent Strubel, Yves-Alexis Perez, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Subject: Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Date: Fri, 06 Sep 2019 17:56:32 +0200
Message-ID: <87ef0te7v3.fsf@oldenburg2.str.redhat.com>
In-Reply-To: <20190906152455.22757-2-mic@digikod.net> (Mickaël Salaün's message of "Fri, 6 Sep 2019 17:24:51 +0200")

Let's assume I want to add support for this to the glibc dynamic loader, while still being able to run on older kernels.

Is it safe to try the open call first, with O_MAYEXEC, and if that fails with EINVAL, try again without O_MAYEXEC? Or do I risk disabling this security feature if I do that?

Do we need a different way for recognizing kernel support? (Note that we cannot probe paths in /proc for various reasons.)

Thanks,
Florian
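
Added example, not part of this message or of the patch series: a C sketch of the try-then-retry pattern the question describes, run against three constructed kernel models so the outcomes can be compared. `X_MAYEXEC`, the `k_*` models and `open_for_exec` are hypothetical names; the third model covers a kernel that silently drops unknown flag bits, in which case a successful open says nothing about whether the check ran.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdbool.h>
#include <string.h>
#include <unistd.h>

/* Placeholder bit standing in for O_MAYEXEC; never passed to the real open(). */
#define X_MAYEXEC 0x40000000
typedef int (*open_fn)(const char *path, int flags);

/* Constructed kernel models; each strips the placeholder before the real open(). */
static int k_rejects(const char *p, int f) {   /* old kernel: unknown flag -> EINVAL */
    if (f & X_MAYEXEC) { errno = EINVAL; return -1; }
    return open(p, f);
}
static int k_ignores(const char *p, int f) {   /* old kernel: unknown flag dropped */
    return open(p, f & ~X_MAYEXEC);
}
static int k_enforces(const char *p, int f) {  /* new kernel: denies "/dev/zero" here */
    if ((f & X_MAYEXEC) && strcmp(p, "/dev/zero") == 0) { errno = EACCES; return -1; }
    return open(p, f & ~X_MAYEXEC);
}

struct result { int fd; bool fell_back; };

/* Try with the flag; retry without it only on EINVAL, never on a policy denial. */
static struct result open_for_exec(open_fn k, const char *path) {
    struct result r = { k(path, O_RDONLY | X_MAYEXEC), false };
    if (r.fd < 0 && errno == EINVAL) {
        r.fd = k(path, O_RDONLY);
        r.fell_back = true;   /* caller knows the check was not requested */
    }
    return r;
}

/* 1 if the open succeeded (the descriptor is closed again), 0 otherwise. */
static int succeeded(struct result r) {
    if (r.fd < 0) return 0;
    close(r.fd);
    return 1;
}

int main(void) {
    /* Exit status 0 when the three models behave as described. */
    return !(succeeded(open_for_exec(k_rejects, "/dev/null")) &&
             succeeded(open_for_exec(k_ignores, "/dev/null")) &&
             !succeeded(open_for_exec(k_enforces, "/dev/zero")));
}
```

With `k_ignores` the caller gets a descriptor and `fell_back == false`, exactly as with an enforcing kernel that allowed the file, so the return value alone cannot serve as a support probe.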