Subject: Re: [PATCH v6 7/7] ima: add policy support for the new file open MAY_OPENEXEC flag
From: Mickaël Salaün
To: Kees Cook
Cc: linux-kernel@vger.kernel.org, Aleksa Sarai, Alexei Starovoitov, Al Viro, Andrew Morton, Andy Lutomirski, Christian Brauner, Christian Heimes, Daniel Borkmann, Deven Bowers, Dmitry Vyukov, Eric Biggers, Eric Chiang, Florian Weimer, James Morris, Jan Kara, Jann Horn, Jonathan Corbet, Lakshmi Ramasubramanian, Matthew Garrett, Matthew Wilcox, Michael Kerrisk, Mickaël Salaün, Mimi Zohar, Philippe Trébuchet, Scott Shell, Sean Christopherson, Shuah Khan, Steve Dower, Steve Grubb, Tetsuo Handa, Thibaut Sautereau, Vincent Strubel, kernel-hardening@lists.openwall.com, linux-api@vger.kernel.org, linux-integrity@vger.kernel.org, linux-security-module@vger.kernel.org, linux-fsdevel@vger.kernel.org
Date: Thu, 16 Jul 2020 16:40:15 +0200
Message-ID: <8df69733-0088-3e3c-9c3d-2610414cea2b@digikod.net>
In-Reply-To: <202007151339.283D7CD@keescook>
References: <20200714181638.45751-1-mic@digikod.net> <20200714181638.45751-8-mic@digikod.net> <202007151339.283D7CD@keescook>

On 15/07/2020 22:40, Kees Cook wrote:
> On Tue, Jul 14, 2020 at 08:16:38PM +0200, Mickaël Salaün wrote:
>> From: Mimi Zohar
>>
>> The kernel has no way of differentiating between a file containing data
>> or code being opened by an interpreter. The proposed O_MAYEXEC
>> openat2(2) flag bridges this gap by defining and enabling the
>> MAY_OPENEXEC flag.
>>
>> This patch adds IMA policy support for the new MAY_OPENEXEC flag.
>>
>> Example:
>> measure func=FILE_CHECK mask=^MAY_OPENEXEC
>> appraise func=FILE_CHECK appraise_type=imasig mask=^MAY_OPENEXEC
>>
>> Signed-off-by: Mimi Zohar
>> Reviewed-by: Lakshmi Ramasubramanian
>> Acked-by: Mickaël Salaün
>
> (Process nit: if you're sending this on behalf of another author, then
> this should be Signed-off-by rather than Acked-by.)

I'm not a co-author of this patch.
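The two policy lines quoted in the commit message above, worked through as an added example (my own model, not code from the patch, IMA, or the kernel): it parses the rules and shows why the `^` prefix (partial match: the bit is set among others) is needed, since an interpreter opening a script with O_MAYEXEC arrives at IMA with MAY_READ set as well, so an exact `mask=MAY_OPENEXEC` rule would never fire. The permission bit values, the `dont_*` negation rules left out, and the exact-versus-partial match semantics of `^` are assumptions of this model.

```python
"""Model of IMA policy rule matching for the mask= option (added example)."""

# Permission names are the kernel's; the bit values are constructed for this
# model and are not taken from the kernel headers.
MAY = {
    "MAY_EXEC": 1 << 0,
    "MAY_WRITE": 1 << 1,
    "MAY_READ": 1 << 2,
    "MAY_APPEND": 1 << 3,
    "MAY_OPENEXEC": 1 << 6,
}


def parse_rule(line):
    """Parse one line such as 'measure func=FILE_CHECK mask=^MAY_OPENEXEC'."""
    action, *options = line.split()
    rule = {"action": action, "inmask": False, "mask": None}
    for option in options:
        key, _, value = option.partition("=")
        if key == "mask":
            # Leading ^: partial match, the named bit present among others.
            # Without it the file's permission mask must equal the value.
            if value.startswith("^"):
                rule["inmask"] = True
                value = value[1:]
            rule["mask"] = MAY[value]
        else:
            rule[key] = value
    return rule


def rule_matches(rule, func, open_mask):
    if rule.get("func") != func:
        return False
    if rule["mask"] is None:
        return True
    if rule["inmask"]:
        return bool(rule["mask"] & open_mask)
    return rule["mask"] == open_mask


def actions_for(policy_lines, func, open_mask):
    """Actions whose first matching rule applies (dont_* rules not modelled)."""
    actions = []
    for rule in map(parse_rule, policy_lines):
        if rule["action"] not in actions and rule_matches(rule, func, open_mask):
            actions.append(rule["action"])
    return actions


POLICY = [  # the two rules from the quoted commit message
    "measure func=FILE_CHECK mask=^MAY_OPENEXEC",
    "appraise func=FILE_CHECK appraise_type=imasig mask=^MAY_OPENEXEC",
]

if __name__ == "__main__":
    script = MAY["MAY_READ"] | MAY["MAY_OPENEXEC"]  # interpreter open, O_MAYEXEC
    data = MAY["MAY_READ"]                          # ordinary data read
    print(actions_for(POLICY, "FILE_CHECK", script))  # ['measure', 'appraise']
    print(actions_for(POLICY, "FILE_CHECK", data))    # []
```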