[GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1

public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed

From: Kees Cook <kees@kernel.org>
To: Linus Torvalds <torvalds@linux-foundation.org>
Cc: linux-kernel@vger.kernel.org, "Al Viro" <viro@zeniv.linux.org.uk>,
	"Andy Lutomirski" <luto@amacapital.net>,
	"Christian Brauner" <brauner@kernel.org>,
	"Günther Noack" <gnoack@google.com>,
	"Jeff Xu" <jeffxu@chromium.org>,
	"Kees Cook" <keescook@chromium.org>,
	"Kees Cook" <kees@kernel.org>, "Mickaël Salaün" <mic@digikod.net>,
	"Mimi Zohar" <zohar@linux.ibm.com>,
	"Nícolas F. R. A. Prado" <nfraprado@collabora.com>,
	"Paul Moore" <paul@paul-moore.com>,
	"Roberto Sassu" <roberto.sassu@huawei.com>,
	"Serge Hallyn" <serge@hallyn.com>,
	"Shuah Khan" <skhan@linuxfoundation.org>,
	"Stefan Berger" <stefanb@linux.ibm.com>
Subject: [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
Date: Wed, 15 Jan 2025 16:18:07 -0800	[thread overview]
Message-ID: <202501151612.CE6D0686@keescook> (raw)

Hi Linus,

Please pull the AT_EXECVE_CHECK introduction for v6.14-rc1. I split
this series from the core execve tree since it's had a life of its own
as it has progressed from O_MAY_EXEC. :) This provides userspace with
a way to opt in to performing "execability" checks for things that are
executable but don't pass through execve(2) (e.g. scripts, dlopen libs,
etc). It's seen quite a bit of discussion and review, and has lived in
-next for the entire dev cycle. Included is documentation, samples, and
extensive selftests.

Thanks!

-Kees

The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:

  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1

for you to fetch changes up to 95b3cdafd7cb74414070893445a9b731793f7b55:

  ima: instantiate the bprm_creds_for_exec() hook (2024-12-18 17:00:29 -0800)

----------------------------------------------------------------
AT_EXECVE_CHECK introduction for v6.14-rc1

- Implement AT_EXECVE_CHECK flag to execveat(2) (Mickaël Salaün)

- Implement EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
  (Mickaël Salaün)

- Add selftests and samples for AT_EXECVE_CHECK (Mickaël Salaün)

----------------------------------------------------------------
Mickaël Salaün (7):
      exec: Add a new AT_EXECVE_CHECK flag to execveat(2)
      security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
      selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits
      selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK
      samples/check-exec: Add set-exec
      selftests: ktap_helpers: Fix uninitialized variable
      samples/check-exec: Add an enlighten "inc" interpreter and 28 tests

Mimi Zohar (1):
      ima: instantiate the bprm_creds_for_exec() hook

 Documentation/userspace-api/check_exec.rst        | 144 +++++++
 Documentation/userspace-api/index.rst             |   1 +
 fs/exec.c                                         |  20 +-
 include/linux/binfmts.h                           |   7 +-
 include/uapi/linux/audit.h                        |   1 +
 include/uapi/linux/fcntl.h                        |   4 +
 include/uapi/linux/securebits.h                   |  24 +-
 samples/Kconfig                                   |   9 +
 samples/Makefile                                  |   1 +
 samples/check-exec/.gitignore                     |   2 +
 samples/check-exec/Makefile                       |  15 +
 samples/check-exec/inc.c                          | 205 ++++++++++
 samples/check-exec/run-script-ask.inc             |   9 +
 samples/check-exec/script-ask.inc                 |   5 +
 samples/check-exec/script-exec.inc                |   4 +
 samples/check-exec/script-noexec.inc              |   4 +
 samples/check-exec/set-exec.c                     |  85 ++++
 security/commoncap.c                              |  29 +-
 security/integrity/ima/ima_appraise.c             |  27 +-
 security/integrity/ima/ima_main.c                 |  29 ++
 security/security.c                               |  10 +
 tools/testing/selftests/exec/.gitignore           |   4 +
 tools/testing/selftests/exec/Makefile             |  19 +-
 tools/testing/selftests/exec/check-exec-tests.sh  | 205 ++++++++++
 tools/testing/selftests/exec/check-exec.c         | 456 ++++++++++++++++++++++
 tools/testing/selftests/exec/config               |   2 +
 tools/testing/selftests/exec/false.c              |   5 +
 tools/testing/selftests/kselftest/ktap_helpers.sh |   2 +-
 tools/testing/selftests/landlock/fs_test.c        |  27 ++
 29 files changed, 1341 insertions(+), 14 deletions(-)
 create mode 100644 Documentation/userspace-api/check_exec.rst
 create mode 100644 samples/check-exec/.gitignore
 create mode 100644 samples/check-exec/Makefile
 create mode 100644 samples/check-exec/inc.c
 create mode 100755 samples/check-exec/run-script-ask.inc
 create mode 100755 samples/check-exec/script-ask.inc
 create mode 100755 samples/check-exec/script-exec.inc
 create mode 100644 samples/check-exec/script-noexec.inc
 create mode 100644 samples/check-exec/set-exec.c
 create mode 100755 tools/testing/selftests/exec/check-exec-tests.sh
 create mode 100644 tools/testing/selftests/exec/check-exec.c
 create mode 100644 tools/testing/selftests/exec/config
 create mode 100644 tools/testing/selftests/exec/false.c

-- 
Kees Cook

next             reply	other threads:[~2025-01-16  0:18 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2025-01-16  0:18 Kees Cook [this message]
2025-01-20  0:08 ` [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1 Sasha Levin
2025-01-20  9:03   ` Mickaël Salaün
2025-01-20 21:39     ` Kees Cook
2025-01-23  4:49 ` pr-tracker-bot

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=202501151612.CE6D0686@keescook \
    --to=kees@kernel.org \
    --cc=brauner@kernel.org \
    --cc=gnoack@google.com \
    --cc=jeffxu@chromium.org \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=luto@amacapital.net \
    --cc=mic@digikod.net \
    --cc=nfraprado@collabora.com \
    --cc=paul@paul-moore.com \
    --cc=roberto.sassu@huawei.com \
    --cc=serge@hallyn.com \
    --cc=skhan@linuxfoundation.org \
    --cc=stefanb@linux.ibm.com \
    --cc=torvalds@linux-foundation.org \
    --cc=viro@zeniv.linux.org.uk \
    --cc=zohar@linux.ibm.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox