Re: [RFC PATCH v1 1/2] fs: Add O_DENY_WRITE
From: Florian Weimer <hidden>
Date: 2025-08-25 09:39:37
Also in:
linux-fsdevel, linux-integrity, linux-security-module, lkml
Possibly related (same subject, not in this thread)
- 2025-08-28 · Re: [RFC PATCH v1 1/2] fs: Add O_DENY_WRITE · Jeff Xu <hidden>
- 2025-08-27 · Re: [RFC PATCH v1 1/2] fs: Add O_DENY_WRITE · Aleksa Sarai <hidden>
- 2025-08-27 · Re: [RFC PATCH v1 1/2] fs: Add O_DENY_WRITE · Aleksa Sarai <hidden>
- 2025-08-27 · Re: [RFC PATCH v1 1/2] fs: Add O_DENY_WRITE · Mickaël Salaün <mic@digikod.net>
- 2025-08-26 · Re: [RFC PATCH v1 1/2] fs: Add O_DENY_WRITE · Jeff Xu <hidden>
* Mickaël Salaün:
The order of checks would be: 1. open script with O_DENY_WRITE 2. check executability with AT_EXECVE_CHECK 3. read the content and interpret it The deny-write feature was to guarantee that there is no race condition between step 2 and 3. All these checks are supposed to be done by a trusted interpreter (which is allowed to be executed). The AT_EXECVE_CHECK call enables the caller to know if the kernel (and associated security policies) allowed the *current* content of the file to be executed. Whatever happen before or after that (wrt. O_DENY_WRITE) should be covered by the security policy.
Why isn't it an improper system configuration if the script file is writable? In the past, the argument was that making a file (writable and) executable was an auditable even, and that provided enough coverage for those people who are interested in this. Thanks, Florian