From: David Laight
To: 'Al Viro', Mickaël Salaün
CC: Kees Cook, Andrew Morton, "linux-kernel@vger.kernel.org", Aleksa Sarai, "Alexei Starovoitov", Andy Lutomirski, "Christian Brauner", Christian Heimes, Daniel Borkmann, Deven Bowers, Dmitry Vyukov, "Eric Biggers", Eric Chiang, "Florian Weimer", James Morris, Jan Kara, Jann Horn, Jonathan Corbet, Lakshmi Ramasubramanian, Matthew Garrett, Matthew Wilcox, Michael Kerrisk, Mimi Zohar, Philippe Trébuchet, "Scott Shell", Sean Christopherson, Shuah Khan, Steve Dower, Steve Grubb, Tetsuo Handa, Thibaut Sautereau, Vincent Strubel, "kernel-hardening@lists.openwall.com", "linux-api@vger.kernel.org", "linux-integrity@vger.kernel.org", "linux-security-module@vger.kernel.org", "linux-fsdevel@vger.kernel.org"
Subject: RE: [PATCH v7 0/7] Add support for O_MAYEXEC
Date: Mon, 10 Aug 2020 22:09:09 +0000
Message-ID: <30b8c003f49d4280be5215f634ca2c06@AcuMS.aculab.com>

> On Mon, Aug 10, 2020 at 10:11:53PM +0200, Mickaël Salaün wrote:
> > It seems that there are no more complaints nor questions. Do you want me
> > to send another series to fix the order of the S-o-b in patch 7?
>
> There is a major question regarding the API design and the choice of
> hooking that stuff on open(). And I have not heard anything resembling
> a coherent answer.

To me O_MAYEXEC is just the wrong name.
The bit would be (something like) O_INTERPRET to indicate
what you want to do with the contents.
The kernel 'policy' then decides whether that needs 'r-x' access or
whether 'r--' access is enough.

I think that is what your 100 line comment in 0/n means.

	David
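
The semantics described in the message above (the caller states that it intends to interpret the file, and a separate policy decides whether 'r--' is enough or 'r-x' is required), as an added userspace sketch. This is not code from the patch series or from anyone in the thread; open_for_interpret(), enum interp_policy and demo() are hypothetical names, and the execute test is simplified to "any execute bit set" rather than a full permission check.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical stand-in for the kernel 'policy' mentioned in the thread. */
enum interp_policy { POLICY_READ_ONLY, POLICY_REQUIRE_EXEC };

/* Open a file the caller intends to interpret; returns an fd or -1.
 * The checks use fstat() on the opened fd, not the path, so the file
 * cannot be swapped between the check and the later read. */
int open_for_interpret(const char *path, enum interp_policy policy)
{
    struct stat st;
    int fd = open(path, O_RDONLY | O_CLOEXEC);  /* 'r--' is always needed */

    if (fd < 0)
        return -1;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode))
        goto deny;
    /* Simplified 'r-x' requirement: at least one execute bit is set. */
    if (policy == POLICY_REQUIRE_EXEC && !(st.st_mode & 0111))
        goto deny;
    return fd;
deny:
    close(fd);
    return -1;
}

/* Constructed sample input: a temporary file given the requested mode. */
int demo(mode_t mode, enum interp_policy policy)
{
    char path[] = "/tmp/interp_demo_XXXXXX";
    int tmp = mkstemp(path), fd;

    if (tmp < 0) return -1;
    fchmod(tmp, mode); close(tmp);
    fd = open_for_interpret(path, policy);
    if (fd >= 0) close(fd);
    unlink(path);
    return fd >= 0;   /* 1 = open allowed, 0 = denied by policy */
}

int main(void)
{
    printf("%d %d %d\n", demo(0644, POLICY_READ_ONLY), demo(0644, POLICY_REQUIRE_EXEC), demo(0755, POLICY_REQUIRE_EXEC));
    return 0;
}
```

The same call site works under either policy; only the policy value changes which files are accepted, which is the separation of intent from enforcement that the message argues the flag name should reflect.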