subject:"Re\: \[PATCH v2 0\/5\] Add support for O

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-09 Thread Mickaël Salaün

On 07/09/2019 00:44, Aleksa Sarai wrote: > On 2019-09-06, Andy Lutomirski wrote: >>> On Sep 6, 2019, at 12:07 PM, Steve Grubb wrote: >>> On Friday, September 6, 2019 2:57:00 PM EDT Florian Weimer wrote: * Steve Grubb: > Now with LD_AUDIT > $ LD_AUDIT=/home/sgrubb/test/openflag

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-08 Thread James Morris

On Fri, 6 Sep 2019, Mickaël Salaün wrote: > Furthermore, the security policy can also be delegated to an LSM, either > a MAC system or an integrity system. For instance, the new kernel > MAY_OPENEXEC flag closes a major IMA measurement/appraisal interpreter > integrity gap by bringing the ability

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-06 Thread Aleksa Sarai

On 2019-09-06, Andy Lutomirski wrote: > > On Sep 6, 2019, at 12:07 PM, Steve Grubb wrote: > > > >> On Friday, September 6, 2019 2:57:00 PM EDT Florian Weimer wrote: > >> * Steve Grubb: > >>> Now with LD_AUDIT > >>> $ LD_AUDIT=/home/sgrubb/test/openflags/strip-flags.so.0 strace ./test > >>> 2>&1

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-06 Thread Andy Lutomirski

> On Sep 6, 2019, at 12:07 PM, Steve Grubb wrote: > >> On Friday, September 6, 2019 2:57:00 PM EDT Florian Weimer wrote: >> * Steve Grubb: >>> Now with LD_AUDIT >>> $ LD_AUDIT=/home/sgrubb/test/openflags/strip-flags.so.0 strace ./test >>> 2>&1 | grep passwd openat(3, "passwd", O_RDONLY)

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-06 Thread Steve Grubb

On Friday, September 6, 2019 2:57:00 PM EDT Florian Weimer wrote: > * Steve Grubb: > > Now with LD_AUDIT > > $ LD_AUDIT=/home/sgrubb/test/openflags/strip-flags.so.0 strace ./test > > 2>&1 | grep passwd openat(3, "passwd", O_RDONLY) = 4 > > > > No O_CLOEXEC flag. > > I think you need to

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-06 Thread Florian Weimer

* Steve Grubb: > Now with LD_AUDIT > $ LD_AUDIT=/home/sgrubb/test/openflags/strip-flags.so.0 strace ./test 2>&1 | > grep passwd > openat(3, "passwd", O_RDONLY) = 4 > > No O_CLOEXEC flag. I think you need to explain in detail why you consider this a problem. With LD_PRELOAD and LD_AUDI

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

2019-09-06 Thread Steve Grubb

On Friday, September 6, 2019 11:24:50 AM EDT Mickaël Salaün wrote: > The goal of this patch series is to control script interpretation. A > new O_MAYEXEC flag used by sys_open() is added to enable userspace > script interpreter to delegate to the kernel (and thus the system > security policy) the

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

Re: [PATCH v2 0/5] Add support for O_MAYEXEC

7 matches

Site Navigation

Mail list logo

Footer information