Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 15 May 2020 10:43:34 +0200
From: Florian Weimer <>
To: Kees Cook <>
Cc: Mickaël Salaün <>,  Al Viro
  Aleksa Sarai <>,  Andy Lutomirski <>,
  Mimi Zohar <>,  Stephen Smalley
 <>,  Christian Heimes
 <>,  Deven Bowers <>,
  Tetsuo Handa <>,  John Johansen
 <>,  Kentaro Takeda <>,
  "Lev R. Oshvang ." <>,  Alexei Starovoitov
 <>,  Daniel Borkmann <>,  Eric Chiang
 <>,  James Morris <>,  Jan Kara
 <>,  Jann Horn <>,  Jonathan Corbet
 <>,  Lakshmi Ramasubramanian <>,
  Matthew Garrett <>,  Matthew Wilcox
 <>,  Michael Kerrisk <>,
  Mickaël Salaün <>,
  Philippe Trébuchet
 <>,  Scott Shell <>,
  Sean Christopherson <>,  Shuah Khan
 <>,  Steve Dower <>,  Steve Grubb
 <>,  Thibaut Sautereau <>,
  Vincent Strubel <>,  linux-kernel
 <>,,,,  LSM List
 <>,  Linux FS Devel
Subject: Re: How about just O_EXEC? (was Re: [PATCH v5 3/6] fs: Enable to enforce noexec mounts or file exec through O_MAYEXEC)

* Kees Cook:

> Maybe I've missed some earlier discussion that ruled this out, but I
> couldn't find it: let's just add O_EXEC and be done with it. It actually
> makes the execve() path more like openat2() and is much cleaner after
> a little refactoring. Here are the results, though I haven't emailed it
> yet since I still want to do some more testing:

I think POSIX specifies O_EXEC in such a way that it does not confer
read permissions.  This seems incompatible with what we are trying to
achieve here.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.