Message-ID: <20250826205057.GC1603531@mit.edu>
Date: Tue, 26 Aug 2025 16:50:57 -0400
From: "Theodore Ts'o" <tytso@....edu>
To: Mickaël Salaün <mic@...ikod.net>
Cc: Christian Brauner <brauner@...nel.org>, Al Viro <viro@...iv.linux.org.uk>,
Kees Cook <keescook@...omium.org>, Paul Moore <paul@...l-moore.com>,
Serge Hallyn <serge@...lyn.com>, Andy Lutomirski <luto@...nel.org>,
Arnd Bergmann <arnd@...db.de>, Christian Heimes <christian@...hon.org>,
Dmitry Vyukov <dvyukov@...gle.com>, Elliott Hughes <enh@...gle.com>,
Fan Wu <wufan@...ux.microsoft.com>,
Florian Weimer <fweimer@...hat.com>, Jann Horn <jannh@...gle.com>,
Jeff Xu <jeffxu@...gle.com>, Jonathan Corbet <corbet@....net>,
Jordan R Abrahams <ajordanr@...gle.com>,
Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
Luca Boccassi <bluca@...ian.org>,
Matt Bobrowski <mattbobrowski@...gle.com>,
Miklos Szeredi <mszeredi@...hat.com>, Mimi Zohar <zohar@...ux.ibm.com>,
Nicolas Bouchinet <nicolas.bouchinet@....cyber.gouv.fr>,
Robert Waite <rowait@...rosoft.com>,
Roberto Sassu <roberto.sassu@...wei.com>,
Scott Shell <scottsh@...rosoft.com>,
Steve Dower <steve.dower@...hon.org>, Steve Grubb <sgrubb@...hat.com>,
kernel-hardening@...ts.openwall.com, linux-api@...r.kernel.org,
linux-fsdevel@...r.kernel.org, linux-integrity@...r.kernel.org,
linux-kernel@...r.kernel.org, linux-security-module@...r.kernel.org
Subject: Re: [RFC PATCH v1 0/2] Add O_DENY_WRITE (complement AT_EXECVE_CHECK)

On Tue, Aug 26, 2025 at 07:47:30PM +0200, Mickaël Salaün wrote:
>
> Passing the AT_EXECVE_CHECK flag to execveat(2) only performs a check
> on a regular file and returns 0 if execution of this file would be
> allowed, ignoring the file format and then the related interpreter
> dependencies (e.g. ELF libraries, script’s shebang).

But if that's it, why can't the script interpreter (python, bash,
etc.), before executing the script, check for executability via
faccessat(2) or fstat(2)?

The whole O_DENY_WRITE discussion seemed to imply that AT_EXECVE_CHECK
was doing more than just the executability check?

> There is no other way for user space to reliably check executability of
> files (taking into account all enforced security
> policies/configurations).

Why doesn't faccessat(2) or fstat(2) suffice? This is why having a
more substantive requirements and design doc might be helpful. It
appears you have some assumptions that perhaps other kernel developers
are not aware of. I certainly seem to be missing something.....

- Ted
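
The two checks this message compares, run side by side on the same file, as an added example that is not part of the thread or the patch series. The `check_*` function names and the `verdict` enum are made up for illustration, and the fallback flag values are copied from the Linux UAPI header for toolchains that lack them; a kernel without AT_EXECVE_CHECK rejects the flag with EINVAL, which is reported here as "unknown".

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Fallbacks for older libc headers; values as in Linux uapi <linux/fcntl.h>. */
#ifndef AT_EMPTY_PATH
#define AT_EMPTY_PATH 0x1000
#endif
#ifndef AT_EXECVE_CHECK
#define AT_EXECVE_CHECK 0x10000
#endif

enum verdict { EXEC_ALLOWED, EXEC_DENIED, EXEC_UNKNOWN };

/* 0 = allowed, EACCES = denied, any other errno = no answer obtained. */
static enum verdict from_result(long rc)
{
    if (rc == 0)
        return EXEC_ALLOWED;
    return errno == EACCES ? EXEC_DENIED : EXEC_UNKNOWN;
}

/* The check asked about in the reply: faccessat(2) with X_OK. */
enum verdict check_faccessat(const char *path)
{
    return from_result(faccessat(AT_FDCWD, path, X_OK, AT_EACCESS));
}

/* The check from the quoted text: execveat(2) with AT_EXECVE_CHECK on an
 * open descriptor. When the flag is honoured, nothing is executed. */
enum verdict check_execveat(const char *path)
{
    char *const empty[] = { NULL };
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return EXEC_UNKNOWN;
    enum verdict v = from_result(syscall(SYS_execveat, fd, "", empty, empty,
                                         AT_EMPTY_PATH | AT_EXECVE_CHECK));
    close(fd);
    return v;
}

int main(int argc, char **argv)
{
    static const char *const name[] = { "allowed", "denied", "unknown" };
    const char *path = argc > 1 ? argv[1] : "/bin/sh";
    printf("%s: faccessat=%s execveat-check=%s\n", path,
           name[check_faccessat(path)], name[check_execveat(path)]);
    return 0;
}
```

Run it against the same script on a system with and without an exec-restricting policy loaded to see whether the two columns ever disagree.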