Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 27 Jul 2020 07:27:00 +0200
From: Florian Weimer <>
To: Al Viro <>
Cc: Mickaël Salaün <>,,  Aleksa
 Sarai <>,  Alexei Starovoitov <>,  Andrew
 Morton <>,  Andy Lutomirski <>,
  Christian Brauner <>,  Christian Heimes
 <>,  Daniel Borkmann <>,  Deven
 Bowers <>,  Dmitry Vyukov
 <>,  Eric Biggers <>,  Eric Chiang
 <>,  James Morris <>,  Jan Kara
 <>,  Jann Horn <>,  Jonathan Corbet
 <>,  Kees Cook <>,  Lakshmi
 Ramasubramanian <>,  Matthew Garrett
 <>,  Matthew Wilcox <>,  Michael
 Kerrisk <>,  Mimi Zohar <>,
  Philippe Trébuchet <>,
  Scott Shell
 <>,  Sean Christopherson
 <>,  Shuah Khan <>,  Steve
 Dower <>,  Steve Grubb <>,  Tetsuo
 Handa <>,  Thibaut Sautereau
 <>,  Vincent Strubel
  Thibaut Sautereau <>
Subject: Re: [PATCH v7 4/7] fs: Introduce O_MAYEXEC flag for openat2(2)

* Al Viro:

> On Thu, Jul 23, 2020 at 07:12:24PM +0200, Mickaël Salaün wrote:
>> When the O_MAYEXEC flag is passed, openat2(2) may be subject to
>> additional restrictions depending on a security policy managed by the
>> kernel through a sysctl or implemented by an LSM thanks to the
>> inode_permission hook.  This new flag is ignored by open(2) and
>> openat(2) because of their unspecified flags handling.  When used with
>> openat2(2), the default behavior is only to forbid to open a directory.
> Correct me if I'm wrong, but it looks like you are introducing a magical
> flag that would mean "let the Linux S&M take an extra special whip
> for this open()".
> Why is it done during open?  If the caller is passing it deliberately,
> why not have an explicit request to apply given torture device to an
> already opened file?  Why not sys_masochism(int fd, char *hurt_flavour),
> for that matter?

While I do not think this is appropriate language for a workplace, Al
has a point: If the auditing event can be generated on an already-open
descriptor, it would also cover scenarios like this one:

  perl < /path/to/script

Where the process that opens the file does not (and cannot) know that it
will be used for execution purposes.


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.