• [$] Restricting execution of scripts the third approach

    From LWN.net@1337:1/100 to All on Friday, July 19, 2024 15:15:05
    [$] Restricting execution of scripts the third approach

    Date:
    Fri, 19 Jul 2024 14:05:43 +0000

    Description:
    The kernel will not consent to execute just any file that happens to be
    sitting in a filesystem; there are formalities, such as the checking of
    execute permission and consulting security policies, to get through first.
    On some systems, security policies have been established to limit execution
    to specifically approved programs. But there are files that are not
    executed directly by the kernel; these include scripts fed to language interpreters like Python, Perl, or a shell. An attacker who is able to get
    an interpreter to execute a file may be able to bypass a system's security policies. Mickal Salan has been working on closing this hole for years;
    the latest
    attempt takes the form of a new flag to the execveat() system call.

    ======================================================================
    Link to news story:
    https://lwn.net/Articles/982085/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)