On 01/05/2020 13:47, Christian Heimes wrote:
> On 29/04/2020 00.01, Jann Horn wrote:
>> On Tue, Apr 28, 2020 at 11:21 PM Florian Weimer wrote:
>>> * Jann Horn:
>>>
>>>> Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
>>>> the dynamic linker.
>>>
>>> Absolutely. In typical
On 29/04/2020 00.01, Jann Horn wrote:
> On Tue, Apr 28, 2020 at 11:21 PM Florian Weimer wrote:
>> * Jann Horn:
>>
>>> Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
>>> the dynamic linker.
>>
>> Absolutely. In typical configurations, the kernel does not enforce
>> that exec
On Tue, 28 Apr 2020, Mickaël Salaün wrote:
> Furthermore, the security policy can also be delegated to an LSM, either
> a MAC system or an integrity system. For instance, the new kernel
> MAY_OPENEXEC flag closes a major IMA measurement/appraisal interpreter
> integrity gap by bringing the abilit
On 30/04/2020 10:07, Christian Brauner wrote:
> On Thu, Apr 30, 2020 at 11:54:29AM +1000, Aleksa Sarai wrote:
>> On 2020-04-28, Mickaël Salaün wrote:
>>> The goal of this patch series is to enable to control script execution
>>> with interpreters help. A new RESOLVE_MAYEXEC flag, usable through
On Thu, Apr 30, 2020 at 11:54:29AM +1000, Aleksa Sarai wrote:
> On 2020-04-28, Mickaël Salaün wrote:
> > The goal of this patch series is to enable to control script execution
> > with interpreters help. A new RESOLVE_MAYEXEC flag, usable through
> > openat2(2), is added to enable userspace scrip
On 2020-04-28, Mickaël Salaün wrote:
> The goal of this patch series is to enable to control script execution
> with interpreters help. A new RESOLVE_MAYEXEC flag, usable through
> openat2(2), is added to enable userspace script interpreter to delegate
> to the kernel (and thus the system securit
On 29/04/2020 00:01, Jann Horn wrote:
> On Tue, Apr 28, 2020 at 11:21 PM Florian Weimer wrote:
>> * Jann Horn:
>>
>>> Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
>>> the dynamic linker.
>>
>> Absolutely. In typical configurations, the kernel does not enforce
>> that e
On Tue, Apr 28, 2020 at 11:21 PM Florian Weimer wrote:
> * Jann Horn:
>
> > Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
> > the dynamic linker.
>
> Absolutely. In typical configurations, the kernel does not enforce
> that executable mappings must be backed by files which
* Jann Horn:
> Just as a comment: You'd probably also have to use RESOLVE_MAYEXEC in
> the dynamic linker.
Absolutely. In typical configurations, the kernel does not enforce
that executable mappings must be backed by files which are executable.
It's most obvious with using an explicit loader inv
On Tue, Apr 28, 2020 at 7:51 PM Mickaël Salaün wrote:
> The goal of this patch series is to enable to control script execution
> with interpreters help. A new RESOLVE_MAYEXEC flag, usable through
> openat2(2), is added to enable userspace script interpreter to delegate
> to the kernel (and thus t
Hi,
The goal of this patch series is to enable to control script execution
with interpreters help. A new RESOLVE_MAYEXEC flag, usable through
openat2(2), is added to enable userspace script interpreter to delegate
to the kernel (and thus the system security policy) the permission to
interpret/exe
11 matches