Message-ID: <CAG48ez3Q0YMmnutKeUuGO+Vg_UPbcv9AyG7QEK=ajwuGQRfrUw@mail.gmail.com>
Date: Wed, 14 Jun 2017 16:34:11 +0200
From: Jann Horn <jannh@...gle.com>
To: Solar Designer <solar@...nwall.com>
Cc: Matt Brown <matt@...tt.com>, Kernel Hardening <kernel-hardening@...ts.openwall.com>
Subject: Re: Re: [PATCH v2 1/1] Add Trusted Path Execution
 as a stackable LSM

On Wed, Jun 14, 2017 at 4:33 PM, Jann Horn <jannh@...gle.com> wrote:
> On Wed, Jun 14, 2017 at 4:28 PM, Solar Designer <solar@...nwall.com> wrote:
>> On Wed, Jun 14, 2017 at 03:15:22PM +0200, Jann Horn wrote:
>>> Some random related issues:
>>>
>>> Scripts with shebang lines like "#!/usr/bin/env python" probably wouldn't
>>> work anymore, at least not without special-case logic, because in this case,
>>> env has to invoke python.
>>
>> Why would this break?  If both env and python are in trusted paths, it
>> should work with TPE just fine.  (But then TPE is rather ineffective.)
>
> I think somewhere in this thread, or a related one, it was suggested to have
> some mechanism to only prevent execution of e.g. python as an interpreter,
> not direct execution.

s/prevent/permit/
