On 10/07/2017 09:59, Salvatore Mesoraca wrote: > 2017-07-09 21:35 GMT+02:00 Mickaël Salaün <m...@digikod.net>: >> Hi, >> >> I think it make sense to merge the W^X features with the TPE/shebang LSM >> [1]. >> >> Regards, >> Mickaël >> >> [1] >> https://lkml.kernel.org/r/d9aca46b-97c6-4faf-b559-484feb4aa...@digikod.net > > Hi, > Can you elaborate why it would be an advantage to have those features merged? > They seem quite unrelated. > Also, they work in rather different ways in respect to how they are > configured. > I'm not sure what would be a reasonable way to merge them. > Thank you for your comment, > > Salvatore >
The aim of the Trusted Path Execution is to constraint calls to execve (e.g. forbid an user to execute his own binaries, i.e. apply a W^X security policy). This should handle binaries and could handle scripts too [1]. However, there is always a way for a process to mmap/mprotect arbitrary data and make it executable, be it intentional or not. PaX and the W^X part of your LSM can handle this, or make exceptions by marking a file with dedicated xattr values. This kind of exception fit well with TPE to get a more hardened executable security policy (e.g. forbid an user to execute his own binaries or to mmap arbitrary executable code). Moreover, TPE could handle some part of its configuration from some xattr values (e.g. allow scripts/interpreters, a whitelist of environment variables, additional memory restrictions…) as you do with SARA thanks to your tools. Mickaël [1] https://lkml.kernel.org/r/25278a42-736e-0d3b-8c0a-7b2b05ed7...@digikod.net
signature.asc
Description: OpenPGP digital signature
