Thread (32 messages) 32 messages, 12 authors, 2019-08-06

Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

From: Mickaël Salaün <hidden>
Date: 2018-12-13 15:17:24
Also in: linux-fsdevel, linux-security-module, lkml

On 13/12/2018 04:02, Matthew Wilcox wrote:
On Wed, Dec 12, 2018 at 09:17:07AM +0100, Mickaël Salaün wrote:
quoted
The goal of this patch series is to control script interpretation.  A
new O_MAYEXEC flag used by sys_open() is added to enable userland script
interpreter to delegate to the kernel (and thus the system security
policy) the permission to interpret scripts or other files containing
what can be seen as commands.
I don't have a problem with the concept, but we're running low on O_ bits.
Does this have to be done before the process gets a file descriptor,
or could we have a new syscall?  Since we're going to be changing the
interpreters anyway, it doesn't seem like too much of an imposition to
ask them to use:

	int verify_for_exec(int fd)

instead of adding an O_MAYEXEC.
Adding a new syscall for this simple use case seems excessive. I think
that the open/openat syscall familly are the right place to do an atomic
open and permission check, the same way the kernel does for other file
access. Moreover, it will be easier to patch upstream interpreters
without the burden of handling a (new) syscall that may not exist on the
running system, whereas unknown open flags are ignored.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help