Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Subject: Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
From: Florian Weimer <fweimer@xxxxxxxxxx>
Date: Fri, 06 Sep 2019 17:56:32 +0200
Cc: linux-kernel@xxxxxxxxxxxxxxx, Aleksa Sarai <cyphar@xxxxxxxxxx>, Alexei Starovoitov <ast@xxxxxxxxxx>, Al Viro <viro@xxxxxxxxxxxxxxxxxx>, Andy Lutomirski <luto@xxxxxxxxxx>, Christian Heimes <christian@xxxxxxxxxx>, Daniel Borkmann <daniel@xxxxxxxxxxxxx>, Eric Chiang <ericchiang@xxxxxxxxxx>, James Morris <jmorris@xxxxxxxxx>, Jan Kara <jack@xxxxxxx>, Jann Horn <jannh@xxxxxxxxxx>, Jonathan Corbet <corbet@xxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, Matthew Garrett <mjg59@xxxxxxxxxx>, Matthew Wilcox <willy@xxxxxxxxxxxxx>, Michael Kerrisk <mtk.manpages@xxxxxxxxx>, Mickaël Salaün <mickael.salaun@xxxxxxxxxxx>, Mimi Zohar <zohar@xxxxxxxxxxxxx>, Philippe Trébuchet <philippe.trebuchet@xxxxxxxxxxx>, Scott Shell <scottsh@xxxxxxxxxxxxx>, Sean Christopherson <sean.j.christopherson@xxxxxxxxx>, Shuah Khan <shuah@xxxxxxxxxx>, Song Liu <songliubraving@xxxxxx>, Steve Dower <steve.dower@xxxxxxxxxx>, Steve Grubb <sgrubb@xxxxxxxxxx>, Thibaut Sautereau <thibaut.sautereau@xxxxxxxxxxx>, Vincent Strubel <vincent.strubel@xxxxxxxxxxx>, Yves-Alexis Perez <yves-alexis.perez@xxxxxxxxxxx>, kernel-hardening@xxxxxxxxxxxxxxxxxx, linux-api@xxxxxxxxxxxxxxx, linux-security-module@xxxxxxxxxxxxxxx, linux-fsdevel@xxxxxxxxxxxxxxx
In-reply-to: <20190906152455.22757-2-mic@digikod.net> ("Mickaël Salaün"'s message of "Fri, 6 Sep 2019 17:24:51 +0200")
References: <20190906152455.22757-1-mic@digikod.net> <20190906152455.22757-2-mic@digikod.net>
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/26.2 (gnu/linux)

Let's assume I want to add support for this to the glibc dynamic loader,
while still being able to run on older kernels.

Is it safe to try the open call first, with O_MAYEXEC, and if that fails
with EINVAL, try again without O_MAYEXEC?

Or do I risk disabling this security feature if I do that?

Do we need a different way for recognizing kernel support.  (Note that
we cannot probe paths in /proc for various reasons.)

Thanks,
Florian

Follow-Ups:
- Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
  - From: Mickaël Salaün

References:
- [PATCH v2 0/5] Add support for O_MAYEXEC
  - From: Mickaël Salaün
- [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
  - From: Mickaël Salaün

Prev by Date: Re: Why add the general notification queue and its sources
Next by Date: Re: Why add the general notification queue and its sources
Previous by thread: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Next by thread: Re: [PATCH v2 1/5] fs: Add support for an O_MAYEXEC flag on sys_open()
Index(es):
- Date
- Thread

[Index of Archives] [Linux USB Devel] [Video for Linux] [Linux Audio Users] [Yosemite News] [Linux Kernel] [Linux SCSI]