Re: [PATCH] Add PR_{GET,SET}_NO_NEW_PRIVS to prevent execve from granting privs

From: Andy Lutomirski
Date: Fri Jan 13 2012 - 15:19:35 EST


On Fri, Jan 13, 2012 at 12:13 PM, Linus Torvalds
<torvalds@xxxxxxxxxxxxxxxxxxxx> wrote:
> On Fri, Jan 13, 2012 at 12:05 PM, Andy Lutomirski <luto@xxxxxxxxxxxxxx> wrote:
>>
>> I'm confused.  The patch does "no security context changes on execve".
>
> So that's what I wanted and thought you did, but your comment:
>
>  "With my patch, selinux can already block the execve if it wants"
>
> is what I reacted to. The "selinux *can*" and the "if it wants" part
> was what made my hackles rise.
>
> If it is not about what selinux can and what selinux wants, I'm happy.
> The security manager shouldn't have any choices in the matter. No
> 'can', no 'want'.
>
> Your choice of words made me think your patch had left that door open.

Fair enough.

It's unavoidable that selinux can block the exec, though -- it could
prevent you from reading the file, in which case good luck execing it
:)

I'll respin this so that it doesn't oops if bisected with AppArmor
running. Any maintainers want to pick it up?

--Andy
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
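The semantics under discussion (set the bit with prctl, read it back, it is inherited across fork, and it cannot be cleared once set), as an added example that is not part of the patch or of this thread. It assumes a Linux kernel that supports PR_SET_NO_NEW_PRIVS; the fallback constant values are the ones used by linux/prctl.h, and the function names are my own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fallbacks for older headers; values match linux/prctl.h. */
#ifndef PR_SET_NO_NEW_PRIVS
#define PR_SET_NO_NEW_PRIVS 38
#endif
#ifndef PR_GET_NO_NEW_PRIVS
#define PR_GET_NO_NEW_PRIVS 39
#endif

/* 1 if the calling task has no_new_privs set, 0 if clear, -1 if unsupported. */
int nnp_is_set(void) {
    int r = prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return r < 0 ? -1 : r;
}

/* Set the bit, then return what the kernel reports back (expected: 1). */
int nnp_enable(void) {
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return nnp_is_set();
}

/* The bit is sticky: asking the kernel to clear it is rejected with EINVAL.
 * Returns 1 if the clear attempt was refused and the bit is still set. */
int nnp_cannot_clear(void) {
    int r = prctl(PR_SET_NO_NEW_PRIVS, 0, 0, 0, 0);
    return (r == -1 && errno == EINVAL && nnp_is_set() == 1) ? 1 : 0;
}

/* Fork a child and return the child's view of the bit (1 = inherited). */
int nnp_inherited_by_child(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) _exit(nnp_is_set() == 1 ? 1 : 0);
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    printf("before: %d\n", nnp_is_set());
    printf("after set: %d, clear refused: %d, child sees: %d\n",
           nnp_enable(), nnp_cannot_clear(), nnp_inherited_by_child());
    return 0;
}
```

Any execve after nnp_enable() runs with the caller's credentials: setuid/setgid bits and file capabilities on the target binary are ignored, which is the "no security context changes on execve" behaviour the patch provides.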