Subject: Re: [PATCH v5 3/6] fs: Enable to enforce noexec mounts or file exec through O_MAYEXEC
From: Tetsuo Handa
To: Mickaël Salaün, Stephen Smalley
Cc: Kees Cook, John Johansen, Kentaro Takeda, linux-kernel, Aleksa Sarai, Alexei Starovoitov, Al Viro, Andy Lutomirski, Christian Heimes, Daniel Borkmann, Deven Bowers, Eric Chiang, Florian Weimer, James Morris, Jan Kara, Jann Horn, Jonathan Corbet, Lakshmi Ramasubramanian, Matthew Garrett, Matthew Wilcox, Michael Kerrisk, Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Scott Shell, Sean Christopherson, Shuah Khan, Steve Dower, Steve Grubb, Thibaut Sautereau, Vincent Strubel, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-integrity@vger.kernel.org, LSM List, Linux FS Devel
Date: Fri, 15 May 2020 09:58:00 +0900
Message-ID: <5263f2ea-1267-7370-6463-da8c9d9145fd@i-love.sakura.ne.jp>
References: <20200505153156.925111-1-mic@digikod.net> <20200505153156.925111-4-mic@digikod.net> <202005131525.D08BFB3@keescook> <202005132002.91B8B63@keescook> <202005140830.2475344F86@keescook>
List: linux-kernel@vger.kernel.org

On 2020/05/06 0:31, Mickaël Salaün wrote:
> The goal of this patch series is to enable to control script execution
> with interpreters' help. A new O_MAYEXEC flag, usable through
> openat2(2), is added to enable a userspace script interpreter to delegate
> to the kernel (and thus the system security policy) the permission to
> interpret/execute scripts or other files containing what can be seen as
> commands.

Since TOMOYO considers that any file (even standard input which is connected to a keyboard) can provide data which can be interpreted as executable, TOMOYO does not check traditional "execute permission". TOMOYO's execute permission serves as a gate for replacing the current process with a new file using the execve() syscall. All other calls (e.g. uselib(), open()) are simply treated as opening a file for read/write/append etc.
Therefore,

On 14/05/2020 18:10, Stephen Smalley wrote:
> Just do both in build_open_flags() and be done with it? Looks like he
> was already setting FMODE_EXEC in patch 1 so we just need to teach
> AppArmor/TOMOYO to check for it and perform file execute checking in
> that case if !current->in_execve?

regarding TOMOYO, I don't think that TOMOYO needs to perform file execute checking if !current->in_execve, even if O_MAYEXEC is introduced.