Thread (32 messages) 32 messages, 12 authors, 2019-08-06

Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

From: Matthew Wilcox <willy@infradead.org>
Date: 2018-12-13 12:16:50
Also in: linux-fsdevel, linux-security-module, lkml

On Thu, Dec 13, 2018 at 06:04:20AM -0500, Mimi Zohar wrote:
quoted
I don't have a problem with the concept, but we're running low on O_ bits.
Does this have to be done before the process gets a file descriptor,
or could we have a new syscall?  Since we're going to be changing the
interpreters anyway, it doesn't seem like too much of an imposition to
ask them to use:

	int verify_for_exec(int fd)

instead of adding an O_MAYEXEC.
The indication needs to be set during file open, before the open
returns to the caller.  This is the point where ima_file_check()
verifies the file's signature.  On failure, access to the file is
denied.
I understand that's what happens today, but do we need to do it that way?
There's no harm in the interpreter having an fd to a file if it knows
not to execute it.  This is different from a program opening a file and
having the LSM deny access to it because it violates the security model.
Keyboard shortcuts
hback out one level
jnext message in thread
kprevious message in thread
ldrill in
Escclose help / fold thread tree
?toggle this help