On 07/10/2021 21:25, Kees Cook wrote:
On Thu, Oct 07, 2021 at 08:23:18PM +0200, Mickaël Salaün wrote:
quoted
From: Mickaël Salaün <redacted>
The trusted_for() syscall enables user space tasks to check that files
are trusted to be executed or interpreted by user space. This may allow
script interpreters to check execution permission before reading
commands from a file, or dynamic linkers to allow shared object loading.
This may be seen as a way for a trusted task (e.g. interpreter) to check
the trustworthiness of files (e.g. scripts) before extending its control
flow graph with new ones originating from these files.
[...]
aio-nr & aio-max-nr
@@ -382,3 +383,52 @@ Each "watch" costs roughly 90 bytes on a 32bit kernel, and roughly 160 bytes
on a 64bit one.
The current default value for max_user_watches is the 1/25 (4%) of the
available low memory, divided for the "watch" cost in bytes.
+
+
+trust_policy
+------------
bikeshed: can we name this "trusted_for_policy"? Both "trust" and
"policy" are very general words, but "trusted_for" (after this series)
will have a distinct meaning, so "trusted_for_policy" becomes more
specific/searchable.
Ok, I'll rename this sysctl.
With that renamed, I think it looks good! I'm looking forward to
interpreters using this. :)
Acked-by: Kees Cook <redacted>