Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC

From: Florian Weimer
Date: Thu Dec 13 2018 - 00:13:50 EST

* James Morris:

> On Wed, 12 Dec 2018, Florian Weimer wrote:
>> * James Morris:
>> > If you're depending on the script interpreter to flag that the user may
>> > execute code, this seems to be equivalent in security terms to depending
>> > on the user. e.g. what if the user uses ptrace and clears O_MAYEXEC?
>> The argument I've heard is this: Using ptrace (and adding the +x
>> attribute) are auditable events.
> I guess you could also preload a modified libc which strips the flag.

My understanding is that this new libc would have to come from somewhere, and
making it executable would be an auditable event as well.