[PATCH v3 1/3] LSM: add security_execve_abort() hook

Tetsuo Handa penguin-kernel at I-love.SAKURA.ne.jp
Tue Jun 11 13:10:06 UTC 2024


On 2024/06/11 5:44, Paul Moore wrote:
>> diff --git a/fs/exec.c b/fs/exec.c
>> index 40073142288f..7ec13b104960 100644
>> --- a/fs/exec.c
>> +++ b/fs/exec.c
>> @@ -1532,6 +1532,7 @@ static void do_close_execat(struct file *file)
>>
>>  static void free_bprm(struct linux_binprm *bprm)
>>  {
>> +       security_bprm_free(bprm);
>>         if (bprm->mm) {
>>                 acct_arg_size(bprm, 0);
>>                 mmput(bprm->mm);
>>
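
Review bot: security_bprm_free(bprm) is called unconditionally as the first statement of free_bprm(), while the `if (bprm->mm)` test right below it shows that this function also runs on a bprm that was only partly set up. The hook's documentation should say that it can be called at any stage of bprm construction, and an LSM implementing it has to tolerate state it never allocated. The name also differs from the security_execve_abort() in the subject line, so the subject or changelog should be brought in line with the hook that is actually added.
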
> 
> Tetsuo, it's been a while since we've heard from you in this thread -
> are you still planning to work on this?  If not, would you object if
> someone else took over this patchset?
> 

You are going to merge static call patches first (though I call it a regression),
aren't you? For me, reviving dynamically appendable hooks (which are about to be
killed by static call patches) has a higher priority than adding the
security_bprm_free() hook.



