Re: [PATCH v20 1/6] exec: Add a new AT_CHECK flag to execveat(2)

From: sergeh
Date: Mon Oct 14 2024 - 23:21:20 EST

Next message: Zhang, Rui: "Re: [RFC PATCH] x86/acpi: Ignore invalid x2APIC entries"
Previous message: Zhangfei Gao: "Re: [PATCH v8 07/10] iommufd: Fault-capable hwpt attach/detach/replace"
In reply to: Mickaël Salaün: "Re: [PATCH v20 1/6] exec: Add a new AT_CHECK flag to execveat(2)"
Next in thread: Amir Goldstein: "Re: [PATCH v20 1/6] exec: Add a new AT_CHECK flag to execveat(2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Oct 14, 2024 at 09:39:52AM +0200, Mickaël Salaün wrote:
> On Sat, Oct 12, 2024 at 10:04:16PM -0500, Serge E. Hallyn wrote:
> > On Fri, Oct 11, 2024 at 08:44:17PM +0200, Mickaël Salaün wrote:
> > > Add a new AT_CHECK flag to execveat(2) to check if a file would be
> >
> > Apologies for both bikeshedding and missing earlier discussions.
> >
> > But AT_CHECK sounds quite generic. How about AT_EXEC_CHECK, or
> > AT_CHECK_EXEC_CREDS? (I would suggest just AT_CHECK_CREDS since
> > it's for use in execveat(2), but as it's an AT_ flag, it's
> > probably worth being more precise).
>
> As Amir pointed out, we need at least to use the AT_EXECVE_CHECK_
> prefix, and I agree with the AT_EXECVE_CHECK name because it's about
> checking the whole execve request, not sepcifically a "creds" part.

Well, not the whole. You are explicitly not checking the validity of the
files.

But ok. With that,

Reviewed-by: Serge Hallyn <sergeh@xxxxxxxxxx>

thanks,
-serge

Next message: Zhang, Rui: "Re: [RFC PATCH] x86/acpi: Ignore invalid x2APIC entries"
Previous message: Zhangfei Gao: "Re: [PATCH v8 07/10] iommufd: Fault-capable hwpt attach/detach/replace"
In reply to: Mickaël Salaün: "Re: [PATCH v20 1/6] exec: Add a new AT_CHECK flag to execveat(2)"
Next in thread: Amir Goldstein: "Re: [PATCH v20 1/6] exec: Add a new AT_CHECK flag to execveat(2)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]