Thread: 5 messages, 3 authors, 2024-07-09

Re: [RFC PATCH v19 1/5] exec: Add a new AT_CHECK flag to execveat(2)

From: Jeff Xu <hidden>
Date: 2024-07-08 17:53:16
Also in: linux-api, linux-fsdevel, linux-integrity, lkml


On Mon, Jul 8, 2024 at 10:33 AM Florian Weimer [off-list ref] wrote:
> * Jeff Xu:
>> On Mon, Jul 8, 2024 at 9:26 AM Florian Weimer [off-list ref] wrote:
>>> * Jeff Xu:
>>>> Will dynamic linkers use the execveat(AT_CHECK) to check shared
>>>> libraries too? Or just the main executable itself.
>>> I expect that dynamic linkers will have to do this for everything they
>>> map.
>> Then all the objects (.so, .sh, etc.) will go through the check from
>> execveat's main to security_bprm_creds_for_exec(), some of them might
>> be specific for the main executable?
> If we want to avoid that, we could have an agreed-upon error code which
> the LSM can signal that it'll never fail AT_CHECK checks, so we only
> have to perform the extra system call once.
Right, something like that.
I would prefer not having AT_CHECK specific code in LSM code as an
initial goal, if that works, great.

-Jeff
> Thanks,
> Florian
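The loader-side loop the thread sketches, as an added C example that is not code from the patch series, glibc or any LSM: `execveat_check` issues the real AT_CHECK query for one object, and `check_all_objects` walks the main executable and every library in order, stopping after a single call when the kernel reports the agreed "never fails" code. The flag value `AT_CHECK_PLACEHOLDER`, the errno `ENEVERFAILS_PLACEHOLDER`, the two `sim_*` kernel stand-ins and the object list are assumptions constructed for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000 /* glibc exposes it only under _GNU_SOURCE */
#endif
#define AT_CHECK_PLACEHOLDER    0x10000 /* assumed flag value, not the uapi one */
#define ENEVERFAILS_PLACEHOLDER 0x1234  /* assumed agreed-upon "LSM opts out" errno */
enum check_result { CHECK_ALLOWED, CHECK_DENIED, CHECK_NEVER_FAILS };
/* Kernel-backed check: with AT_CHECK, execveat() returns 0 instead of
 * replacing the process, so 0 means "this object would be allowed". */
enum check_result execveat_check(const char *path)
{
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) return CHECK_DENIED;
    char *const argv[] = { (char *)path, NULL };
    long rc = syscall(SYS_execveat, fd, "", argv, (char *const[]){ NULL },
                      AT_EMPTY_PATH | AT_CHECK_PLACEHOLDER);
    int saved = errno;
    close(fd);
    if (rc == 0) return CHECK_ALLOWED;
    return saved == ENEVERFAILS_PLACEHOLDER ? CHECK_NEVER_FAILS : CHECK_DENIED;
}
/* Constructed stand-ins for the kernel so the loop runs offline: one denies
 * anything under /tmp, the other reports that no LSM enforces AT_CHECK. */
enum check_result sim_enforcing(const char *p) { return strncmp(p, "/tmp/", 5) ? CHECK_ALLOWED : CHECK_DENIED; }
enum check_result sim_never_fails(const char *p) { (void)p; return CHECK_NEVER_FAILS; }
/* Constructed object list as a loader sees it: main executable, then DT_NEEDED. */
const char *const demo_objects[] = { "/usr/bin/app", "/usr/lib/libc.so.6", "/tmp/untrusted.so" };
/* Check the main executable and every library the loader will map. Returns 1 if
 * all are allowed, 0 at the first denial; *calls counts checks issued (one if the kernel opts out). */
int check_all_objects(const char *const *objs, size_t n,
                      enum check_result (*check)(const char *), size_t *calls)
{
    size_t made = 0;
    int all_ok = 1;
    for (size_t i = 0; i < n && all_ok; i++) {
        enum check_result r = check(objs[i]);
        made++;
        if (r == CHECK_DENIED)
            all_ok = 0;
        else if (r == CHECK_NEVER_FAILS)
            break; /* agreed-upon signal: stop issuing extra syscalls */
    }
    if (calls) *calls = made;
    return all_ok;
}
```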