* Al Viro:

> On Thu, Jul 23, 2020 at 07:12:24PM +0200, Mickaël Salaün wrote:
>> When the O_MAYEXEC flag is passed, openat2(2) may be subject to
>> additional restrictions depending on a security policy managed by the
>> kernel through a sysctl or implemented by an LSM thanks to the
>> inode_permission hook. This new flag is ignored by open(2) and
>> openat(2) because of their unspecified flags handling. When used with
>> openat2(2), the default behavior is only to forbid to open a directory.
>
> Correct me if I'm wrong, but it looks like you are introducing a magical
> flag that would mean "let the Linux S&M take an extra special whip
> for this open()".
>
> Why is it done during open? If the caller is passing it deliberately,
> why not have an explicit request to apply given torture device to an
> already opened file? Why not sys_masochism(int fd, char *hurt_flavour),
> for that matter?

While I do not think this is appropriate language for a workplace, Al
has a point: If the auditing event can be generated on an
already-open descriptor, it would also cover scenarios like this one:

  perl < /path/to/script

Where the process that opens the file does not (and cannot) know that it
will be used for execution purposes.

Thanks,
Florian