On 12/06/2017 16:27, Mimi Zohar wrote: > On Sun, 2017-06-11 at 22:32 -0400, Mimi Zohar wrote: >> On Sun, 2017-06-11 at 13:44 +0200, Mickaël Salaün wrote: > >>> Using filesystem xattr seems like a good idea for this kind of >>> exceptions and instead of a hardcoded interpreter path. Something like >>> "security.tpe.interpreter=1|2" (bitmask for interpreter-only and/or CLI) >>> and "security.tpe.environment=HOME,LOGNAME" would be quite flexible to >>> configure a security policy for some binaries. This could also be >>> protected by IMA/EVM, if needed. >> >> Checking for the existence of an xattr without caching is relatively >> slow. I'm not sure that we would want to go this route. > > For identifying interpreters, xattrs would be too slow (without > caching results), but once identified, using xattrs as you suggested, > for specifying how interpreters can be invoked and limiting > environment variables, is a good idea. Perhaps the two xattrs could > be combined?
Yes, caching results is definitely interesting. I think using one variable per usage is cleaner, though.
signature.asc
Description: OpenPGP digital signature