Re: [GIT PULL] Add trusted_for(2) (was O_MAYEXEC)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 05/04/2022 01:26, Linus Torvalds wrote:
On Mon, Apr 4, 2022 at 3:25 PM Kees Cook <keescook@xxxxxxxxxxxx> wrote:

[...]


I think this already exists as AT_EACCESS? It was added with
faccessat2() itself, if I'm reading the history correctly.

Yeah, I noticed myself, I just hadn't looked (and I don't do enough
user-space programming to be aware of if that way).

I think AT_EACCESS should be usable with the new EXECVE_OK too.



     (a) "what about suid bits that user space cannot react to"

What do you mean here? Do you mean setid bits on the file itself?

Right.

Maybe we don't care.

I think we don't. I think the only corner case that could be different is for files that are executable, SUID and non-readable. In this case it wouldn't matter because userspace could not read the file, which is required for interpretation/execution. Anyway, S[GU]ID bits in scripts are just ignored by execve and we want to follow the same semantic.



Maybe we do.

Is the user-space loader going to honor them? Is it going to ignore
them? I don't know. And it actually interacts with things like
'nosuid', which the kernel does know about, and user space has a hard
time figuring out.

So if the point is "give me an interface so that I can do the same
thing a kernel execve() loader would do", then those sgid/suid bits
actually may be exactly the kind of thing that user space wants the
kernel to react to - should it ignore them, or should it do something
special when it sees that they are set?

I'm not saying that they *should* be something we care about. All I'm
saying is that I want that *discussion* to happen.

                Linus



[Index of Archives]     [Linux Ext4 Filesystem]     [Union Filesystem]     [Filesystem Testing]     [Ceph Users]     [Ecryptfs]     [NTFS 3]     [AutoFS]     [Kernel Newbies]     [Share Photos]     [Security]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux Cachefs]     [Reiser Filesystem]     [Linux RAID]     [NTFS 3]     [Samba]     [Device Mapper]     [CEPH Development]

  Powered by Linux