[RFC PATCH v8 0/3] Add support for AT_INTERPRETED (was O_MAYEXEC)

Al Viro viro at zeniv.linux.org.uk
Tue Sep 8 18:50:26 UTC 2020


On Tue, Sep 08, 2020 at 09:59:53AM +0200, Mickaël Salaün wrote:
> Hi,
> 
> This height patch series rework the previous O_MAYEXEC series by not
> adding a new flag to openat2(2) but to faccessat2(2) instead.  As
> suggested, this enables to perform the access check on a file descriptor
> instead of on a file path (while opening it).  This may require two
> checks (one on open and then with faccessat2) but it is a more generic
> approach [8].

Again, why is that folded into lookup/open/whatnot, rather than being
an operation applied to a file (e.g. O_PATH one)?



More information about the Linux-security-module-archive mailing list