Thread: 15 messages, 3 authors, 2024-12-11

Re: [PATCH v22 0/8] Script execution control (was O_MAYEXEC)

From: Mickaël Salaün <mic@digikod.net>
Date: 2024-12-05 17:48:29
Also in: linux-api, linux-fsdevel, linux-integrity, lkml

On Thu, Dec 05, 2024 at 05:09:17PM +0100, Mickaël Salaün wrote:
Hi,

The goal of this patch series is to be able to ensure that direct file
execution (e.g. ./script.sh) and indirect file execution (e.g. sh
script.sh) lead to the same result, especially from a security point of
view.

The main changes from the previous version are the IMA patch to properly
log access check requests with audit, removal of audit change, an
extended documentation for tailored distros, a rebase on v6.13-rc1, and
some minor cosmetic changes.

The current status is summarized in this article:
https://lwn.net/Articles/982085/
I also gave a talk at LPC last month:
https://lpc.events/event/18/contributions/1692/
And here is a proof of concept for Python (for now, for the previous
version: v19): https://github.com/zooba/spython/pull/12

Kees, would you like to take this series in your tree?

Previous versions
-----------------
v21: https://lore.kernel.org/r/20241112191858.162021-1-mic@digikod.net
v20: https://lore.kernel.org/r/20241011184422.977903-1-mic@digikod.net
v19: https://lore.kernel.org/r/20240704190137.696169-1-mic@digikod.net
v18: https://lore.kernel.org/r/20220104155024.48023-1-mic@digikod.net
v17: https://lore.kernel.org/r/20211115185304.198460-1-mic@digikod.net
v16: https://lore.kernel.org/r/20211110190626.257017-1-mic@digikod.net
v15: https://lore.kernel.org/r/20211012192410.2356090-1-mic@digikod.net
v14: https://lore.kernel.org/r/20211008104840.1733385-1-mic@digikod.net
v13: https://lore.kernel.org/r/20211007182321.872075-1-mic@digikod.net
v12: https://lore.kernel.org/r/20201203173118.379271-1-mic@digikod.net
v11: https://lore.kernel.org/r/20201019164932.1430614-1-mic@digikod.net
v10: https://lore.kernel.org/r/20200924153228.387737-1-mic@digikod.net
v9: https://lore.kernel.org/r/20200910164612.114215-1-mic@digikod.net
v8: https://lore.kernel.org/r/20200908075956.1069018-1-mic@digikod.net
v7: https://lore.kernel.org/r/20200723171227.446711-1-mic@digikod.net
v6: https://lore.kernel.org/r/20200714181638.45751-1-mic@digikod.net
v5: https://lore.kernel.org/r/20200505153156.925111-1-mic@digikod.net
v4: https://lore.kernel.org/r/20200430132320.699508-1-mic@digikod.net
v3: https://lore.kernel.org/r/20200428175129.634352-1-mic@digikod.net
v2: https://lore.kernel.org/r/20190906152455.22757-1-mic@digikod.net
v1: https://lore.kernel.org/r/20181212081712.32347-1-mic@digikod.net