|
Message-ID: <87lg4upkpv.fsf@oldenburg2.str.redhat.com> Date: Wed, 12 Dec 2018 21:13:16 +0100 From: Florian Weimer <fweimer@...hat.com> To: James Morris <jmorris@...ei.org> Cc: Mickaël Salaün <mic@...ikod.net>, linux-kernel@...r.kernel.org, Al Viro <viro@...iv.linux.org.uk>, Jonathan Corbet <corbet@....net>, Kees Cook <keescook@...omium.org>, Matthew Garrett <mjg59@...gle.com>, Michael Kerrisk <mtk.manpages@...il.com>, Mickaël Salaün <mickael.salaun@....gouv.fr>, Mimi Zohar <zohar@...ux.ibm.com>, Philippe Trébuchet <philippe.trebuchet@....gouv.fr>, Shuah Khan <shuah@...nel.org>, Thibaut Sautereau <thibaut.sautereau@....gouv.fr>, Vincent Strubel <vincent.strubel@....gouv.fr>, Yves-Alexis Perez <yves-alexis.perez@....gouv.fr>, kernel-hardening@...ts.openwall.com, linux-api@...r.kernel.org, linux-security-module@...r.kernel.org, linux-fsdevel@...r.kernel.org Subject: Re: [RFC PATCH v1 0/5] Add support for O_MAYEXEC * James Morris: > If you're depending on the script interpreter to flag that the user may > execute code, this seems to be equivalent in security terms to depending > on the user. e.g. what if the user uses ptrace and clears O_MAYEXEC? The argument I've heard is this: Using ptrace (and adding the +x attribute) are auditable events. Florian
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.