Subj : [$] Restricting execution of scripts  the third approach
To   : All
From : LWN.net
Date : Fri Jul 19 2024 15:15:05

[$] Restricting execution of scripts  the third approach

Date:
Fri, 19 Jul 2024 14:05:43 +0000

Description:
The kernel will not consent to execute just any file that happens to be
sitting in a filesystem; there are formalities, such as the checking of
execute permission and consulting security policies, to get through first.
On some systems, security policies have been established to limit execution
to specifically approved programs.  But there are files that are not
executed directly by the kernel; these include scripts fed to language
interpreters like Python, Perl, or a shell.  An attacker who is able to get
an interpreter to execute a file may be able to bypass a system's security
policies.  Mickal Salan has been working on closing this hole for years;
the latest
attempt takes the form of a new flag to the execveat() system call.

======================================================================
Link to news story:
https://lwn.net/Articles/982085/


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet UK HUB @ hub.uk.erb.pw (1337:1/100)

.