[RFC PATCH v8 0/3] Add support for AT_INTERPRETED (was O_MAYEXEC)
Al Viro
viro at zeniv.linux.org.uk
Tue Sep 8 18:50:26 UTC 2020
On Tue, Sep 08, 2020 at 09:59:53AM +0200, Mickaël Salaün wrote:
> Hi,
>
> This height patch series rework the previous O_MAYEXEC series by not
> adding a new flag to openat2(2) but to faccessat2(2) instead. As
> suggested, this enables to perform the access check on a file descriptor
> instead of on a file path (while opening it). This may require two
> checks (one on open and then with faccessat2) but it is a more generic
> approach [8].
Again, why is that folded into lookup/open/whatnot, rather than being
an operation applied to a file (e.g. O_PATH one)?
More information about the Linux-security-module-archive
mailing list