Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC
From: Florian Weimer
Date: Thu Dec 13 2018 - 00:22:10 EST
* Matthew Wilcox:
> On Wed, Dec 12, 2018 at 09:17:07AM +0100, MickaÃl SalaÃn wrote:
>> The goal of this patch series is to control script interpretation. A
>> new O_MAYEXEC flag used by sys_open() is added to enable userland script
>> interpreter to delegate to the kernel (and thus the system security
>> policy) the permission to interpret scripts or other files containing
>> what can be seen as commands.
>
> I don't have a problem with the concept, but we're running low on O_ bits.
> Does this have to be done before the process gets a file descriptor,
> or could we have a new syscall? Since we're going to be changing the
> interpreters anyway, it doesn't seem like too much of an imposition to
> ask them to use:
>
> int verify_for_exec(int fd)
>
> instead of adding an O_MAYEXEC.
Will this work for auditing?
Maybe add an interface which explicitly upgrades O_PATH descriptors, and
give that a separate flag argument? I suppose that would be more
friendly to auditing.
Thanks,
Florian