* [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
@ 2025-01-16  0:18 Kees Cook
From: Kees Cook @ 2025-01-16  0:18 UTC (permalink / raw)
  To: Linus Torvalds
  Cc: linux-kernel, Al Viro, Andy Lutomirski, Christian Brauner,
	Günther Noack, Jeff Xu, Kees Cook, Kees Cook,
	Mickaël Salaün, Mimi Zohar, Nícolas F. R. A. Prado,
	Paul Moore, Roberto Sassu, Serge Hallyn, Shuah Khan,
	Stefan Berger

Hi Linus,

Please pull the AT_EXECVE_CHECK introduction for v6.14-rc1. I split
this series from the core execve tree since it's had a life of its own
as it has progressed from O_MAY_EXEC. :) This provides userspace with
a way to opt in to performing "execability" checks for things that are
executable but don't pass through execve(2) (e.g. scripts, dlopen libs,
etc). It's seen quite a bit of discussion and review, and has lived in
-next for the entire dev cycle. Included is documentation, samples, and
extensive selftests.

Thanks!

-Kees

The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:

  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1

for you to fetch changes up to 95b3cdafd7cb74414070893445a9b731793f7b55:

  ima: instantiate the bprm_creds_for_exec() hook (2024-12-18 17:00:29 -0800)

----------------------------------------------------------------
AT_EXECVE_CHECK introduction for v6.14-rc1

- Implement AT_EXECVE_CHECK flag to execveat(2) (Mickaël Salaün)

- Implement EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
  (Mickaël Salaün)

- Add selftests and samples for AT_EXECVE_CHECK (Mickaël Salaün)

----------------------------------------------------------------
Mickaël Salaün (7):
      exec: Add a new AT_EXECVE_CHECK flag to execveat(2)
      security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
      selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits
      selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK
      samples/check-exec: Add set-exec
      selftests: ktap_helpers: Fix uninitialized variable
      samples/check-exec: Add an enlighten "inc" interpreter and 28 tests

Mimi Zohar (1):
      ima: instantiate the bprm_creds_for_exec() hook

 Documentation/userspace-api/check_exec.rst        | 144 +++++++
 Documentation/userspace-api/index.rst             |   1 +
 fs/exec.c                                         |  20 +-
 include/linux/binfmts.h                           |   7 +-
 include/uapi/linux/audit.h                        |   1 +
 include/uapi/linux/fcntl.h                        |   4 +
 include/uapi/linux/securebits.h                   |  24 +-
 samples/Kconfig                                   |   9 +
 samples/Makefile                                  |   1 +
 samples/check-exec/.gitignore                     |   2 +
 samples/check-exec/Makefile                       |  15 +
 samples/check-exec/inc.c                          | 205 ++++++++++
 samples/check-exec/run-script-ask.inc             |   9 +
 samples/check-exec/script-ask.inc                 |   5 +
 samples/check-exec/script-exec.inc                |   4 +
 samples/check-exec/script-noexec.inc              |   4 +
 samples/check-exec/set-exec.c                     |  85 ++++
 security/commoncap.c                              |  29 +-
 security/integrity/ima/ima_appraise.c             |  27 +-
 security/integrity/ima/ima_main.c                 |  29 ++
 security/security.c                               |  10 +
 tools/testing/selftests/exec/.gitignore           |   4 +
 tools/testing/selftests/exec/Makefile             |  19 +-
 tools/testing/selftests/exec/check-exec-tests.sh  | 205 ++++++++++
 tools/testing/selftests/exec/check-exec.c         | 456 ++++++++++++++++++++++
 tools/testing/selftests/exec/config               |   2 +
 tools/testing/selftests/exec/false.c              |   5 +
 tools/testing/selftests/kselftest/ktap_helpers.sh |   2 +-
 tools/testing/selftests/landlock/fs_test.c        |  27 ++
 29 files changed, 1341 insertions(+), 14 deletions(-)
 create mode 100644 Documentation/userspace-api/check_exec.rst
 create mode 100644 samples/check-exec/.gitignore
 create mode 100644 samples/check-exec/Makefile
 create mode 100644 samples/check-exec/inc.c
 create mode 100755 samples/check-exec/run-script-ask.inc
 create mode 100755 samples/check-exec/script-ask.inc
 create mode 100755 samples/check-exec/script-exec.inc
 create mode 100644 samples/check-exec/script-noexec.inc
 create mode 100644 samples/check-exec/set-exec.c
 create mode 100755 tools/testing/selftests/exec/check-exec-tests.sh
 create mode 100644 tools/testing/selftests/exec/check-exec.c
 create mode 100644 tools/testing/selftests/exec/config
 create mode 100644 tools/testing/selftests/exec/false.c

-- 
Kees Cook
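The opt-in scheme the message describes, as an added example (not code from this pull request's samples or selftests): an interpreter-side helper that asks the kernel with execveat(AT_EXECVE_CHECK) whether a script's fd would be allowed to execute, then combines that answer with the two new securebits. The three constant values are assumed to match the v6.14 UAPI headers and are defined here only when the local headers lack them; the enum names and the exec_policy() split are this example's own.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Assumed to match include/uapi/linux/{fcntl,securebits}.h in v6.14; defined
 * here only for toolchains whose headers predate that release (verify locally). */
#ifndef AT_EXECVE_CHECK
#define AT_EXECVE_CHECK 0x10000          /* only perform the check, never execute */
#endif
#ifndef SECBIT_EXEC_RESTRICT_FILE
#define SECBIT_EXEC_RESTRICT_FILE (1 << 8)
#endif
#ifndef SECBIT_EXEC_DENY_INTERACTIVE
#define SECBIT_EXEC_DENY_INTERACTIVE (1 << 10)
#endif

enum exec_source  { EXEC_SOURCE_FILE, EXEC_SOURCE_INTERACTIVE };
enum exec_verdict { EXEC_ALLOW, EXEC_WARN, EXEC_DENY };

/* Ask the kernel whether fd would pass execve(2)'s checks (noexec mount,
 * LSM/IMA policy, ...) without running it: 0 = would execute, -1 + errno = no.
 * A pre-6.14 kernel rejects the unknown flag with EINVAL, so callers fail closed. */
static int execve_check_fd(int fd)
{
    char *const argv[] = { "check", NULL };   /* ignored for a check-only call */
    char *const envp[] = { NULL };
    return (int)syscall(SYS_execveat, fd, "", argv, envp,
                        AT_EMPTY_PATH | AT_EXECVE_CHECK);
}

/* Pure policy an interpreter can apply: the securebits say whether the kernel's
 * answer is mandatory (RESTRICT_FILE) and whether REPL/-c/stdin code may run at
 * all (DENY_INTERACTIVE). check_rc is execve_check_fd()'s result and is ignored
 * for interactive sources, which have no file to check. */
static enum exec_verdict exec_policy(unsigned long secbits, enum exec_source src,
                                     int check_rc)
{
    if (src == EXEC_SOURCE_INTERACTIVE)
        return (secbits & SECBIT_EXEC_DENY_INTERACTIVE) ? EXEC_DENY : EXEC_ALLOW;
    if (check_rc == 0)
        return EXEC_ALLOW;
    /* Kernel refused: enforce when asked to, otherwise log and proceed. */
    return (secbits & SECBIT_EXEC_RESTRICT_FILE) ? EXEC_DENY : EXEC_WARN;
}
```

Read the live bits with prctl(PR_GET_SECUREBITS) and pass them as secbits; without SECBIT_EXEC_RESTRICT_FILE a kernel refusal only yields EXEC_WARN, which is the advisory (log-only) mode the opt-in design leaves to unrestricted processes.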
