On Wed, Mar 20, 2019 at 7:38 AM Aleksa Sarai <cyphar@xxxxxxxxxx> wrote: > > Now that the holiday break is over, it's time to re-send this patch > series (with a few additions, due to new information we got from > CVE-2019-5736 -- which this patchset mostly protected against but had > some holes with regards to #!-style scripts). I generally like this, but, as Linus pointed out, it will be unfortunate if application authors see this as just another non-portable weird Linux API and don't use it. Would it be worthwhile to put some thought into making it an API that other OSes might be willing to implement? As it stands, the openat(2) flags are getting rather crazy in this patch set. Aleksa had a resolveat(2) proposal that really didn't seem too bad.
