public inbox for linux-kernel@vger.kernel.org
* [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
@ 2025-01-16  0:18 Kees Cook
  2025-01-20  0:08 ` Sasha Levin
  2025-01-23  4:49 ` pr-tracker-bot
  0 siblings, 2 replies; 5+ messages in thread
From: Kees Cook @ 2025-01-16  0:18 UTC
  To: Linus Torvalds
  Cc: linux-kernel, Al Viro, Andy Lutomirski, Christian Brauner,
	Günther Noack, Jeff Xu, Kees Cook, Kees Cook,
	Mickaël Salaün, Mimi Zohar, Nícolas F. R. A. Prado,
	Paul Moore, Roberto Sassu, Serge Hallyn, Shuah Khan,
	Stefan Berger

Hi Linus,

Please pull the AT_EXECVE_CHECK introduction for v6.14-rc1. I split
this series from the core execve tree since it's had a life of its own
as it has progressed from O_MAY_EXEC. :) This provides userspace with
a way to opt in to performing "execability" checks for things that are
executable but don't pass through execve(2) (e.g. scripts, dlopen libs,
etc). It's seen quite a bit of discussion and review, and has lived in
-next for the entire dev cycle. Included is documentation, samples, and
extensive selftests.

Thanks!

-Kees

The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:

  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)

are available in the Git repository at:

  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1

for you to fetch changes up to 95b3cdafd7cb74414070893445a9b731793f7b55:

  ima: instantiate the bprm_creds_for_exec() hook (2024-12-18 17:00:29 -0800)

----------------------------------------------------------------
AT_EXECVE_CHECK introduction for v6.14-rc1

- Implement AT_EXECVE_CHECK flag to execveat(2) (Mickaël Salaün)

- Implement EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
  (Mickaël Salaün)

- Add selftests and samples for AT_EXECVE_CHECK (Mickaël Salaün)

----------------------------------------------------------------
Mickaël Salaün (7):
      exec: Add a new AT_EXECVE_CHECK flag to execveat(2)
      security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits
      selftests/exec: Add 32 tests for AT_EXECVE_CHECK and exec securebits
      selftests/landlock: Add tests for execveat + AT_EXECVE_CHECK
      samples/check-exec: Add set-exec
      selftests: ktap_helpers: Fix uninitialized variable
      samples/check-exec: Add an enlighten "inc" interpreter and 28 tests

Mimi Zohar (1):
      ima: instantiate the bprm_creds_for_exec() hook

 Documentation/userspace-api/check_exec.rst        | 144 +++++++
 Documentation/userspace-api/index.rst             |   1 +
 fs/exec.c                                         |  20 +-
 include/linux/binfmts.h                           |   7 +-
 include/uapi/linux/audit.h                        |   1 +
 include/uapi/linux/fcntl.h                        |   4 +
 include/uapi/linux/securebits.h                   |  24 +-
 samples/Kconfig                                   |   9 +
 samples/Makefile                                  |   1 +
 samples/check-exec/.gitignore                     |   2 +
 samples/check-exec/Makefile                       |  15 +
 samples/check-exec/inc.c                          | 205 ++++++++++
 samples/check-exec/run-script-ask.inc             |   9 +
 samples/check-exec/script-ask.inc                 |   5 +
 samples/check-exec/script-exec.inc                |   4 +
 samples/check-exec/script-noexec.inc              |   4 +
 samples/check-exec/set-exec.c                     |  85 ++++
 security/commoncap.c                              |  29 +-
 security/integrity/ima/ima_appraise.c             |  27 +-
 security/integrity/ima/ima_main.c                 |  29 ++
 security/security.c                               |  10 +
 tools/testing/selftests/exec/.gitignore           |   4 +
 tools/testing/selftests/exec/Makefile             |  19 +-
 tools/testing/selftests/exec/check-exec-tests.sh  | 205 ++++++++++
 tools/testing/selftests/exec/check-exec.c         | 456 ++++++++++++++++++++++
 tools/testing/selftests/exec/config               |   2 +
 tools/testing/selftests/exec/false.c              |   5 +
 tools/testing/selftests/kselftest/ktap_helpers.sh |   2 +-
 tools/testing/selftests/landlock/fs_test.c        |  27 ++
 29 files changed, 1341 insertions(+), 14 deletions(-)
 create mode 100644 Documentation/userspace-api/check_exec.rst
 create mode 100644 samples/check-exec/.gitignore
 create mode 100644 samples/check-exec/Makefile
 create mode 100644 samples/check-exec/inc.c
 create mode 100755 samples/check-exec/run-script-ask.inc
 create mode 100755 samples/check-exec/script-ask.inc
 create mode 100755 samples/check-exec/script-exec.inc
 create mode 100644 samples/check-exec/script-noexec.inc
 create mode 100644 samples/check-exec/set-exec.c
 create mode 100755 tools/testing/selftests/exec/check-exec-tests.sh
 create mode 100644 tools/testing/selftests/exec/check-exec.c
 create mode 100644 tools/testing/selftests/exec/config
 create mode 100644 tools/testing/selftests/exec/false.c

-- 
Kees Cook

^ permalink raw reply	[flat|nested] 5+ messages in thread
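The pull request above describes the two pieces the series adds, an AT_EXECVE_CHECK flag for execveat(2) that asks the kernel whether a file could be executed without actually executing it, and the EXEC_RESTRICT_FILE / EXEC_DENY_INTERACTIVE securebits that tell an enlightened interpreter how strict to be. The kernel only stores the bits; a cooperating interpreter has to read them, run the check, and decide. The program below is an added example of that front end, written for this page and not taken from the kernel's samples/check-exec (whose inc.c and set-exec.c are listed in the diffstat). It is assumed that the AT_EXECVE_CHECK and SECBIT_EXEC_* values in the fallback defines match the v6.14 UAPI headers, and the program name, the -r/-d options and the messages are invented for the example. The check goes through syscall(2) rather than an execveat() libc wrapper, which sidesteps the implicit-declaration build failure discussed further down this thread on toolchains whose libc has no wrapper. Setting the securebits can fail with EPERM or EINVAL on kernels that predate the series; the program reports that rather than guessing.

```c
/* Added example (not the kernel's samples/check-exec code): an interpreter front
 * end using AT_EXECVE_CHECK plus the EXEC_RESTRICT_FILE/EXEC_DENY_INTERACTIVE bits. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifdef __has_include
# if __has_include(<linux/securebits.h>)
#  include <linux/securebits.h>
# endif
#endif
/* Fallbacks for pre-v6.14 UAPI headers; values assumed to match v6.14 fcntl.h/securebits.h. */
#ifndef AT_EXECVE_CHECK
#define AT_EXECVE_CHECK 0x10000
#endif
#ifndef SECBIT_EXEC_RESTRICT_FILE
#define SECBIT_EXEC_RESTRICT_FILE           (1 << 8)
#define SECBIT_EXEC_RESTRICT_FILE_LOCKED    (1 << 9)
#define SECBIT_EXEC_DENY_INTERACTIVE        (1 << 10)
#define SECBIT_EXEC_DENY_INTERACTIVE_LOCKED (1 << 11)
#endif

enum exec_verdict { EXEC_ALLOW, EXEC_WARN, EXEC_DENY };

/* Check-only execveat(): the usual permission, noexec-mount and LSM checks run,
 * but no binfmt handler does. Returns 0 if fd may be executed, else -1 with
 * errno (EACCES: refused; EINVAL: kernel predates AT_EXECVE_CHECK). Goes via
 * syscall(2) so it also builds against a libc without an execveat() wrapper. */
static int exec_check(int fd, const char *name)
{
	char *argv[] = { (char *)name, NULL };
	char *envp[] = { NULL };
	return (int)syscall(SYS_execveat, fd, "", argv, envp,
			    AT_EMPTY_PATH | AT_EXECVE_CHECK);
}

/* A failed check is fatal only under EXEC_RESTRICT_FILE; otherwise run and report. */
static enum exec_verdict decide_exec(unsigned long secbits, int check_rc)
{
	if (check_rc == 0)
		return EXEC_ALLOW;
	return (secbits & SECBIT_EXEC_RESTRICT_FILE) ? EXEC_DENY : EXEC_WARN;
}

/* EXEC_DENY_INTERACTIVE: refuse a REPL, stdin or "-c"-style code from the user. */
static int interactive_allowed(unsigned long secbits)
{
	return !(secbits & SECBIT_EXEC_DENY_INTERACTIVE);
}

/* Bits a launcher sets (and locks) before exec'ing the interpreter; securebits
 * are inherited across fork/exec, so the policy then covers the whole subtree. */
static unsigned long restricted_securebits(unsigned long cur, int restrict_file,
					   int deny_interactive)
{
	if (restrict_file)
		cur |= SECBIT_EXEC_RESTRICT_FILE | SECBIT_EXEC_RESTRICT_FILE_LOCKED;
	if (deny_interactive)
		cur |= SECBIT_EXEC_DENY_INTERACTIVE | SECBIT_EXEC_DENY_INTERACTIVE_LOCKED;
	return cur;
}

/* Usage: ./exec_check [-r] [-d] SCRIPT   (-r/-d set the two bits, locked). */
int main(int argc, char *argv[])
{
	int i = 1, restrict_file = 0, deny_interactive = 0, sb, fd;
	unsigned long secbits;
	for (; i < argc && argv[i][0] == '-'; i++) {
		if (!strcmp(argv[i], "-r")) restrict_file = 1;
		else if (!strcmp(argv[i], "-d")) deny_interactive = 1;
	}
	if (i != argc - 1) { fprintf(stderr, "usage: %s [-r] [-d] SCRIPT\n", argv[0]); return 2; }
	if ((sb = prctl(PR_GET_SECUREBITS)) < 0) { perror("PR_GET_SECUREBITS"); return 1; }
	secbits = restricted_securebits((unsigned long)sb, restrict_file, deny_interactive);
	if (secbits != (unsigned long)sb && prctl(PR_SET_SECUREBITS, secbits) < 0) {
		perror("PR_SET_SECUREBITS"); return 1;
	}
	if (!interactive_allowed(secbits))
		fprintf(stderr, "note: interactive input is denied in this process tree\n");
	if ((fd = open(argv[i], O_RDONLY | O_CLOEXEC)) < 0) { perror(argv[i]); return 1; }
	switch (decide_exec(secbits, exec_check(fd, argv[i]))) {
	case EXEC_ALLOW:
		printf("%s: kernel allows execution, interpreting\n", argv[i]); break;
	case EXEC_WARN:
		fprintf(stderr, "%s: check failed (%s) but EXEC_RESTRICT_FILE is unset, running anyway\n",
			argv[i], strerror(errno)); break;
	case EXEC_DENY:
		fprintf(stderr, "%s: refusing to interpret: %s\n", argv[i], strerror(errno));
		close(fd); return 1;
	}
	/* ...a real interpreter would now read and run the file's contents... */
	close(fd);
	return 0;
}
```

On a v6.14 or later kernel, `./exec_check -r ./script` refuses a script that lacks the execute bit, lives on a noexec mount, or is rejected by an LSM such as IMA or Landlock, while the same script without `-r` is reported and run anyway; on an older kernel the check itself fails with EINVAL, which the unrestricted path also only reports. The policy decisions are kept in small pure functions so the logic can be tested without a kernel that supports the flag.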

* Re: [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
  2025-01-16  0:18 [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1 Kees Cook
@ 2025-01-20  0:08 ` Sasha Levin
  2025-01-20  9:03   ` Mickaël Salaün
  2025-01-23  4:49 ` pr-tracker-bot
  1 sibling, 1 reply; 5+ messages in thread
From: Sasha Levin @ 2025-01-20  0:08 UTC
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Al Viro, Andy Lutomirski,
	Christian Brauner, Günther Noack, Jeff Xu, Kees Cook,
	Mickaël Salaün, Mimi Zohar, Nícolas F. R. A. Prado,
	Paul Moore, Roberto Sassu, Serge Hallyn, Shuah Khan,
	Stefan Berger

On Wed, Jan 15, 2025 at 04:18:07PM -0800, Kees Cook wrote:
>Hi Linus,
>
>Please pull the AT_EXECVE_CHECK introduction for v6.14-rc1. I split
>this series from the core execve tree since it's had a life of its own
>as it has progressed from O_MAY_EXEC. :) This provides userspace with
>a way to opt in to performing "execability" checks for things that are
>executable but don't pass through execve(2) (e.g. scripts, dlopen libs,
>etc). It's seen quite a bit of discussion and review, and has lived in
>-next for the entire dev cycle. Included is documentation, samples, and
>extensive selftests.
>
>Thanks!
>
>-Kees
>
>The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:
>
>  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)
>
>are available in the Git repository at:
>
>  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1

Hey Kees,

LKFT has caught a build error with one of the samples:

/builds/linux/samples/check-exec/inc.c: In function 'interpret_stream':
/builds/linux/samples/check-exec/inc.c:81:8: warning: implicit declaration of function 'execveat'; did you mean 'execve'? [-Wimplicit-function-declaration]
   err = execveat(fileno(script), "", script_argv, envp,
         ^~~~~~~~
         execve

The full log is here: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-511-g109a8e0fa9d6/testrun/26809210/suite/build/test/gcc-8-allyesconfig/log

-- 
Thanks,
Sasha


* Re: [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
  2025-01-20  0:08 ` Sasha Levin
@ 2025-01-20  9:03   ` Mickaël Salaün
  2025-01-20 21:39     ` Kees Cook
  0 siblings, 1 reply; 5+ messages in thread
From: Mickaël Salaün @ 2025-01-20  9:03 UTC
  To: Sasha Levin
  Cc: Kees Cook, Linus Torvalds, linux-kernel, Al Viro, Andy Lutomirski,
	Christian Brauner, Günther Noack, Jeff Xu, Kees Cook,
	Mimi Zohar, Nícolas F. R. A. Prado, Paul Moore,
	Roberto Sassu, Serge Hallyn, Shuah Khan, Stefan Berger,
	Nathan Chancellor

On Sun, Jan 19, 2025 at 07:08:54PM -0500, Sasha Levin wrote:
> On Wed, Jan 15, 2025 at 04:18:07PM -0800, Kees Cook wrote:
> > Hi Linus,
> > 
> > Please pull the AT_EXECVE_CHECK introduction for v6.14-rc1. I split
> > this series from the core execve tree since it's had a life of its own
> > as it has progressed from O_MAY_EXEC. :) This provides userspace with
> > a way to opt in to performing "execability" checks for things that are
> > executable but don't pass through execve(2) (e.g. scripts, dlopen libs,
> > etc). It's seen quite a bit of discussion and review, and has lived in
> > -next for the entire dev cycle. Included is documentation, samples, and
> > extensive selftests.
> > 
> > Thanks!
> > 
> > -Kees
> > 
> > The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:
> > 
> >  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)
> > 
> > are available in the Git repository at:
> > 
> >  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1
> 
> Hey Kees,
> 
> LKFT has caught a build error with one of the samples:
> 
> /builds/linux/samples/check-exec/inc.c: In function 'interpret_stream':
> /builds/linux/samples/check-exec/inc.c:81:8: warning: implicit declaration of function 'execveat'; did you mean 'execve'? [-Wimplicit-function-declaration]
>   err = execveat(fileno(script), "", script_argv, envp,
>         ^~~~~~~~
>         execve
> 
> The full log is here: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-511-g109a8e0fa9d6/testrun/26809210/suite/build/test/gcc-8-allyesconfig/log

Hi Sasha,

Nathan caught this sample build issue last week too.  The fix is here:
https://lore.kernel.org/r/20250115144753.311152-1-mic@digikod.net


* Re: [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
  2025-01-20  9:03   ` Mickaël Salaün
@ 2025-01-20 21:39     ` Kees Cook
  0 siblings, 0 replies; 5+ messages in thread
From: Kees Cook @ 2025-01-20 21:39 UTC
  To: Mickaël Salaün
  Cc: Sasha Levin, Linus Torvalds, linux-kernel, Al Viro,
	Andy Lutomirski, Christian Brauner, Günther Noack, Jeff Xu,
	Mimi Zohar, Nícolas F. R. A. Prado, Paul Moore,
	Roberto Sassu, Serge Hallyn, Shuah Khan, Stefan Berger,
	Nathan Chancellor

On Mon, Jan 20, 2025 at 10:03:07AM +0100, Mickaël Salaün wrote:
> On Sun, Jan 19, 2025 at 07:08:54PM -0500, Sasha Levin wrote:
> > On Wed, Jan 15, 2025 at 04:18:07PM -0800, Kees Cook wrote:
> > > Hi Linus,
> > > 
> > > Please pull the AT_EXECVE_CHECK introduction for v6.14-rc1. I split
> > > this series from the core execve tree since it's had a life of its own
> > > as it has progressed from O_MAY_EXEC. :) This provides userspace with
> > > a way to opt in to performing "execability" checks for things that are
> > > executable but don't pass through execve(2) (e.g. scripts, dlopen libs,
> > > etc). It's seen quite a bit of discussion and review, and has lived in
> > > -next for the entire dev cycle. Included is documentation, samples, and
> > > extensive selftests.
> > > 
> > > Thanks!
> > > 
> > > -Kees
> > > 
> > > The following changes since commit fac04efc5c793dccbd07e2d59af9f90b7fc0dca4:
> > > 
> > >  Linux 6.13-rc2 (2024-12-08 14:03:39 -0800)
> > > 
> > > are available in the Git repository at:
> > > 
> > >  https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1
> > 
> > Hey Kees,
> > 
> > LKFT has caught a build error with one of the samples:
> > 
> > /builds/linux/samples/check-exec/inc.c: In function 'interpret_stream':
> > /builds/linux/samples/check-exec/inc.c:81:8: warning: implicit declaration of function 'execveat'; did you mean 'execve'? [-Wimplicit-function-declaration]
> >   err = execveat(fileno(script), "", script_argv, envp,
> >         ^~~~~~~~
> >         execve
> > 
> > The full log is here: https://qa-reports.linaro.org/lkft/sashal-linus-next/build/v6.13-rc7-511-g109a8e0fa9d6/testrun/26809210/suite/build/test/gcc-8-allyesconfig/log
> 
> Hi Sasha,
> 
> Nathan caught this sample build issue last week too.  The fix is here:
> https://lore.kernel.org/r/20250115144753.311152-1-mic@digikod.net

I intend to get the fix to Linus as soon as he looks at the original PR. I
don't want to create churn here. If it gets pulled, I'll send the fix. If
it gets dropped, we can add the fix to the tree and see where we stand.

-- 
Kees Cook


* Re: [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1
  2025-01-16  0:18 [GIT PULL] AT_EXECVE_CHECK introduction for v6.14-rc1 Kees Cook
  2025-01-20  0:08 ` Sasha Levin
@ 2025-01-23  4:49 ` pr-tracker-bot
  1 sibling, 0 replies; 5+ messages in thread
From: pr-tracker-bot @ 2025-01-23  4:49 UTC
  To: Kees Cook
  Cc: Linus Torvalds, linux-kernel, Al Viro, Andy Lutomirski,
	Christian Brauner, Günther Noack, Jeff Xu, Kees Cook,
	Kees Cook, Mickaël Salaün, Mimi Zohar,
	Nícolas F. R. A. Prado, Paul Moore, Roberto Sassu,
	Serge Hallyn, Shuah Khan, Stefan Berger

The pull request you sent on Wed, 15 Jan 2025 16:18:07 -0800:

> https://git.kernel.org/pub/scm/linux/kernel/git/kees/linux.git tags/AT_EXECVE_CHECK-v6.14-rc1

has been merged into torvalds/linux.git:
https://git.kernel.org/torvalds/c/21266b8df5224c4f677acf9f353eecc9094731f0

Thank you!

-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/prtracker.html

