Re: [PATCH v1] shebang: restrict python interactive prompt/interpreter

From: Mimi Zohar
Date: Mon Jun 12 2017 - 10:28:04 EST

Next message: Vincent Guittot: "Re: [PATCH 2/6] drivers base/arch_topology: frequency-invariant load-tracking support"
Previous message: Phil Elwell: "[PATCH v2 4/4] ARM: dts: bcm283x: Add and use bcm2835-aux-intc"
In reply to: Mimi Zohar: "Re: [PATCH v1] shebang: restrict python interactive prompt/interpreter"
Next in thread: MickaÃl SalaÃn: "Re: [PATCH v1] shebang: restrict python interactive prompt/interpreter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 2017-06-11 at 22:32 -0400, Mimi Zohar wrote:
> On Sun, 2017-06-11 at 13:44 +0200, MickaÃl SalaÃn wrote:

> > Using filesystem xattr seems like a good idea for this kind of
> > exceptions and instead of a hardcoded interpreter path. Something like
> > "security.tpe.interpreter=1|2" (bitmask for interpreter-only and/or CLI)
> > and "security.tpe.environment=HOME,LOGNAME" would be quite flexible to
> > configure a security policy for some binaries. This could also be
> > protected by IMA/EVM, if needed.
>
> Checking for the existence of an xattr without caching is relatively
> slow. ÂI'm not sure that we would want to go this route.
Â
For identifying interpreters, xattrs would be too slow (without
caching results), but once identified, using xattrs as you suggested,
for specifying how interpreters can be invoked and limiting
environment variables, is a good idea. ÂPerhaps the two xattrs could
be combined?

Mimi

Next message: Vincent Guittot: "Re: [PATCH 2/6] drivers base/arch_topology: frequency-invariant load-tracking support"
Previous message: Phil Elwell: "[PATCH v2 4/4] ARM: dts: bcm283x: Add and use bcm2835-aux-intc"
In reply to: Mimi Zohar: "Re: [PATCH v1] shebang: restrict python interactive prompt/interpreter"
Next in thread: MickaÃl SalaÃn: "Re: [PATCH v1] shebang: restrict python interactive prompt/interpreter"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]