archives/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-03-08 04:04:43 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
Linux kernel source tree
1323824 commits 1 branch 921 tags 8.5 GiB
Find a file
Mickaël Salaün a0623b2a1d security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits 
The new SECBIT_EXEC_RESTRICT_FILE, SECBIT_EXEC_DENY_INTERACTIVE, and
their *_LOCKED counterparts are designed to be set by processes setting
up an execution environment, such as a user session, a container, or a
security sandbox.  Unlike other securebits, these ones can be set by
unprivileged processes.  Like seccomp filters or Landlock domains, the
securebits are inherited across processes.

When SECBIT_EXEC_RESTRICT_FILE is set, programs interpreting code should
control executable resources according to execveat(2) + AT_EXECVE_CHECK
(see previous commit).

When SECBIT_EXEC_DENY_INTERACTIVE is set, a process should deny
execution of user interactive commands (which excludes executable
regular files).

Being able to configure each of these securebits enables system
administrators or owner of image containers to gradually validate the
related changes and to identify potential issues (e.g. with interpreter
or audit logs).

It should be noted that unlike other security bits, the
SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE bits are
dedicated to user space willing to restrict itself.  Because of that,
they only make sense in the context of a trusted environment (e.g.
sandbox, container, user session, full system) where the process
changing its behavior (according to these bits) and all its parent
processes are trusted.  Otherwise, any parent process could just execute
its own malicious code (interpreting a script or not), or even enforce a
seccomp filter to mask these bits.

Such a secure environment can be achieved with an appropriate access
control (e.g. mount's noexec option, file access rights, LSM policy) and
an enlighten ld.so checking that libraries are allowed for execution
e.g., to protect against illegitimate use of LD_PRELOAD.

Ptrace restrictions according to these securebits would not make sense
because of the processes' trust assumption.

Scripts may need some changes to deal with untrusted data (e.g. stdin,
environment variables), but that is outside the scope of the kernel.

See chromeOS's documentation about script execution control and the
related threat model:
https://www.chromium.org/chromium-os/developer-library/guides/security/noexec-shell-scripts/

Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Andy Lutomirski <luto@amacapital.net>
Cc: Christian Brauner <brauner@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Paul Moore <paul@paul-moore.com>
Reviewed-by: Serge Hallyn <serge@hallyn.com>
Reviewed-by: Jeff Xu <jeffxu@chromium.org>
Tested-by: Jeff Xu <jeffxu@chromium.org>
Signed-off-by: Mickaël Salaün <mic@digikod.net>
Link: https://lore.kernel.org/r/20241212174223.389435-3-mic@digikod.net
Signed-off-by: Kees Cook <kees@kernel.org>
2024-12-18 17:00:29 -08:00
arch - Have the Automatic IBRS setting check on AMD does not falsely fire in 2024-12-08 11:38:56 -08:00
block blk-mq: move cpuhp callback registering out of q->sysfs_lock 2024-12-06 09:48:46 -07:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto module: Convert symbol namespace to string literal 2024-12-02 11:34:44 -08:00
Documentation security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits 2024-12-18 17:00:29 -08:00
drivers - Fix a /proc/interrupts formatting regression 2024-12-08 11:54:04 -08:00
fs exec: Add a new AT_EXECVE_CHECK flag to execveat(2) 2024-12-18 17:00:29 -08:00
include security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits 2024-12-18 17:00:29 -08:00
init - The series "resource: A couple of cleanups" from Andy Shevchenko 2024-11-25 16:09:48 -08:00
io_uring io_uring: Change res2 parameter type in io_uring_cmd_done 2024-12-03 06:33:13 -07:00
ipc - The series "resource: A couple of cleanups" from Andy Shevchenko 2024-11-25 16:09:48 -08:00
kernel - Fix a /proc/interrupts formatting regression 2024-12-08 11:54:04 -08:00
lib 24 hotfixes. 17 are cc:stable. 15 are MM and 9 are non-MM. 2024-12-08 11:26:13 -08:00
LICENSES LICENSES: add 0BSD license text 2024-09-01 20:43:24 -07:00
mm 24 hotfixes. 17 are cc:stable. 15 are MM and 9 are non-MM. 2024-12-08 11:26:13 -08:00
net BPF fixes: 2024-12-06 15:07:48 -08:00
rust block-6.13-20242901 2024-11-30 15:47:29 -08:00
samples BPF fixes: 2024-12-06 15:07:48 -08:00
scripts Kbuild fixes for v6.13 2024-12-08 12:01:06 -08:00
security security: Add EXEC_RESTRICT_FILE and EXEC_DENY_INTERACTIVE securebits 2024-12-18 17:00:29 -08:00
sound sound fixes for 6.13-rc2 2024-12-06 11:46:39 -08:00
tools 24 hotfixes. 17 are cc:stable. 15 are MM and 9 are non-MM. 2024-12-08 11:26:13 -08:00
usr initramfs: shorten cmd_initfs in usr/Makefile 2024-07-16 01:07:52 +09:00
virt VFIO updates for v6.13 2024-11-27 12:57:03 -08:00
.clang-format clang-format: Update with v6.11-rc1's for_each macro list 2024-08-02 13:20:31 +02:00
.clippy.toml rust: enable Clippy's check-private-items 2024-10-07 21:39:57 +02:00
.cocciconfig scripts: add Linux .cocciconfig for coccinelle 2016-07-22 12:13:39 +02:00
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore MAINTAINERS: Retire Ralf Baechle 2024-11-12 15:48:59 +01:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore Kbuild updates for v6.13 2024-11-30 13:41:50 -08:00
.mailmap media updates for v6.13-rc1 2024-11-20 14:01:15 -08:00
.rustfmt.toml rust: add .rustfmt.toml 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS cgroup: Changes for v6.13 2024-11-20 09:54:49 -08:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS arm64 fixes for 6.13-rc2: 2024-12-06 13:47:55 -08:00
Makefile Linux 6.13-rc2 2024-12-08 14:03:39 -08:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.