Received: by 2002:a05:6a10:22f:0:0:0:0 with SMTP id 15csp1231877pxk; Thu, 10 Sep 2020 10:08:56 -0700 (PDT) X-Google-Smtp-Source: ABdhPJz/WEfXvy4Hoq8OwHf6JTF+npKE67clzV7nAYcqyO5YCGpKCRIYBim19dyoCEJ9djDz4FN4 X-Received: by 2002:a17:907:444d:: with SMTP id on21mr9445532ejb.329.1599757735835; Thu, 10 Sep 2020 10:08:55 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1599757735; cv=none; d=google.com; s=arc-20160816; b=OLyktq6DTMG9hN3OFeFtN9jQ3GfAiDZu9uZePelBJoNhvxC6k4HtzGC0fRjKA0DS4J iifrkPJhElRxfJlHI7KNYm2QaiT/gSMnzL5exz7HBCPvqh0y+8ZF9boJNs2SconYUKTD OMitTB2E7x/h+sNzFDJ55WakkrzdWSIRTAyJgte15d4b0gica8YAbSNrfd/DNPBZ8lQY tcrpA5dkTSRkBuUCcpJq1TlHb4FaDJVQKme4QrXC3UhYVgoTMtOao/Myg3Ph+ECCATbo q3NwAzZe7gmvYnX6xz+9Mr5F8f7+CiZcO87Bf6FOYZp/6OYlR1N/KQn9gGIVCqNa+do2 tBXw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:in-reply-to:content-transfer-encoding :content-disposition:mime-version:references:message-id:subject:cc :to:from:date:dkim-signature; bh=OyXzjCB63mYRe0BvSmc1T78HrhzEXzQ566vkrNeunqA=; b=xs59cRc4LU/SokHl4LRvqPZRzKnf6nIYnPNLEwN37Sja/7Z+7vygRUBSGp681mqrVp FGSNu7xs3pvahcXxi0QpT/h5YyOWAx8r7F6TVT8w/sN27uIWm4RQWVvovGlTwxZlWqlc j7UrOTw8CkvKLx6oe3vmLWwAbOyQgehTPSczHUmYX34F7o59ZyJ9fc/4Zw0JUaxyVt1k 4gJnD+c6wdpl5gjkU7nF3ZjeD/raZdBEfud90Qzae9e9HxNNJSnv3qI4t0uh9AtMKylU tGyKAW00OnwNYYMGg8Ex0PXHoRCOmmNK7ohsiw0Z2ExvV1RZESQOV3ukaQ0+Ud04tFc+ a8Jg== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b=PNzhRz1i; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id k14si4181083ejx.254.2020.09.10.10.08.33; Thu, 10 Sep 2020 10:08:55 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=fail header.i=@infradead.org header.s=casper.20170209 header.b=PNzhRz1i; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726769AbgIJRFP (ORCPT + 99 others); Thu, 10 Sep 2020 13:05:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:52306 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727843AbgIJREh (ORCPT ); Thu, 10 Sep 2020 13:04:37 -0400 Received: from casper.infradead.org (casper.infradead.org [IPv6:2001:8b0:10b:1236::1]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 99F84C061573; Thu, 10 Sep 2020 10:04:33 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=infradead.org; s=casper.20170209; h=In-Reply-To:Content-Transfer-Encoding: Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date: Sender:Reply-To:Content-ID:Content-Description; bh=OyXzjCB63mYRe0BvSmc1T78HrhzEXzQ566vkrNeunqA=; b=PNzhRz1iWp6AsZIRd/72enP4n6 0cGLlHpItHhRrb4V65JwvV3zyrBFvKYVo7bXAjFWgtvpAGHhyayXpGt/uOkz4CdqT81VeYf3/wKF0 dXdbNkOXmfBwjUe/8WbUJI+7Vk5iQf0emhN7GpuPd3c1HZw1T/xWQ/usVNovNbEbO3dRSZMv8JA9H OKXxTeHazmHVvtSSMEOViFLnER1ZFjPDzrdQwYHy6uhKo7rXrBo2NV67Q4zlWAafMgPlX0XLrLhKw SbjsUxcCvBG1XQYoYuuVkZSevrSXz3Hxd8Tl2n4dv5NKRrECTXUzBKQ5zFpZ27FcC/z0JgqFihe9Z QR+thY4g==; Received: from willy by casper.infradead.org with local (Exim 4.92.3 #3 (Red Hat Linux)) id 1kGPzk-000804-44; Thu, 10 Sep 2020 17:04:24 +0000 Date: Thu, 10 Sep 2020 18:04:24 +0100 From: Matthew Wilcox To: =?iso-8859-1?Q?Micka=EBl_Sala=FCn?= Cc: linux-kernel@vger.kernel.org, Aleksa Sarai , Alexei Starovoitov , Al Viro , Andrew Morton , Andy Lutomirski , Arnd Bergmann , Casey Schaufler , Christian Brauner , Christian Heimes , Daniel Borkmann , Deven Bowers , Dmitry Vyukov , Eric Biggers , Eric Chiang , Florian Weimer , James Morris , Jan Kara , Jann Horn , Jonathan Corbet , Kees Cook , Lakshmi Ramasubramanian , Matthew Garrett , Michael Kerrisk , Miklos Szeredi , Mimi Zohar , Philippe =?iso-8859-1?Q?Tr=E9buchet?= , Scott Shell , Sean Christopherson , Shuah Khan , Steve Dower , Steve Grubb , Tetsuo Handa , Thibaut Sautereau , Vincent Strubel , kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org Subject: Re: [RFC PATCH v9 0/3] Add introspect_access(2) (was O_MAYEXEC) Message-ID: <20200910170424.GU6583@casper.infradead.org> References: <20200910164612.114215-1-mic@digikod.net> MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: <20200910164612.114215-1-mic@digikod.net> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Thu, Sep 10, 2020 at 06:46:09PM +0200, Micka?l Sala?n wrote: > This ninth patch series rework the previous AT_INTERPRETED and O_MAYEXEC > series with a new syscall: introspect_access(2) . Access check are now > only possible on a file descriptor, which enable to avoid possible race > conditions in user space. But introspection is about examining _yourself_. This isn't about doing that. It's about doing ... something ... to a script that you're going to execute. If the script were going to call the syscall, then it might be introspection. Or if the interpreter were measuring itself, that would be introspection. But neither of those would be useful things to do, because an attacker could simply avoid doing them. So, bad name. What might be better? sys_security_check()? sys_measure()? sys_verify_fd()? I don't know.