On Tue, Jan 24, 2017 at 2:32 AM, Tetsuo Handa <penguin-kernel@xxxxxxxxxxxxxxxxxxx> wrote: > Hello. > > Can I read archive of the discussion of this topic from the beginning? > I felt that this topic might be an opportunity of proposing my execute handler > approach. It should be in the linux-mm archives. > > In TOMOYO LSM (out of tree version), administrator can specify a program > called execute handler which should be executed on behalf of a program > requested by execve(). The specified program performs validation (e.g. whether > argv[]/envp[] are appropriate) and setup (e.g. redirect file handles) before > executing the program requested by execve(). > > Conceptually execute handler is something like > > #!/bin/sh > test ... || exit 1 > test ... || exit 1 > test ... || exit 1 > exec ... > > which would in practice be implemented using C like > https://osdn.net/projects/tomoyo/scm/svn/blobs/head/tags/ccs-tools/1.8.5p1/usr_lib_ccs/audit-exec-param.c . > It is not difficult to implement the kernel side as well. > The difference is that that last exec means that the kernel is still exposed to any bugs in its ELF parser. Moving that to user mode would reduce the attack surface. -- To unsubscribe, send a message with 'unsubscribe linux-mm' in the body to majordomo@xxxxxxxxx. For more info on Linux MM, see: http://www.linux-mm.org/ . Don't email: <a href=mailto:"dont@xxxxxxxxx";> email@xxxxxxxxx </a>
