O_MAYEXEC — explicitly opening files for execution
Posted May 15, 2020 18:03 UTC (Fri) by amarao (guest, #87073)
Parent article: O_MAYEXEC — explicitly opening files for execution
Is an Ansible playbook 'exec'? Is an Ansible inventory 'exec'? It may contain variables with Jinja templates and the 'command' lookup plugin, which is local code execution, by the way.
The border line is extremely blurry. Is a mailbox executed by the MUA? It may contain JS...
Posted May 15, 2020 19:34 UTC (Fri) by mjg59 (subscriber, #23239)
Posted May 16, 2020 5:15 UTC (Sat) by neilbrown (subscriber, #359)
Unless an application is configured to be careful about what it runs, it doesn't ever set the flag.
But if it has been configured - either at compile time or by some /etc/bash-security.conf file - to disable -c and reading from stdin, then it will set O_MAYEXEC whenever it opens any file to read commands.
Similarly, any other app, whether browser or music player or editor, might accept a "be secure" configuration which causes it to start using O_MAYEXEC. If "secure" isn't uni-valued for the particular app, then the configuration will fill in the details.
O_MAYEXEC isn't a tool to enforce security. It is a tool to help people who so desire to build more secure systems. The person who builds the final system decides what O_MAYEXEC means exactly, just as they choose what permissions to put on different files.
So if /bin/sh will accept "-c code" on the command line, and will execute code read from stdin, then it will equally execute code read from a file opened without O_MAYEXEC, and so never bothers to set O_MAYEXEC.
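The pattern neilbrown describes, written out in C as an added example that is not code from this thread or from the O_MAYEXEC patch series: an interpreter front end whose "be secure" policy refuses `-c` and stdin as command sources and opens script files with O_MAYEXEC, so that the kernel can apply its execution checks to the file. The `interp_policy` struct, the function names and the numeric value given to O_MAYEXEC (needed only so the example compiles on headers that lack the proposed flag) are assumptions of this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* O_MAYEXEC was a proposed open(2) flag and is absent from most headers.
 * The value below is an assumption made so this example compiles; a kernel
 * that does not know the bit silently drops it and the open behaves like a
 * plain O_RDONLY open, so a caller cannot assume enforcement happened. */
#ifndef O_MAYEXEC
#define O_MAYEXEC 040000000
#endif

/* Where an interpreter can be asked to take commands from. */
enum cmd_source { SRC_FILE, SRC_STDIN, SRC_CMDLINE };

/* The "be secure" switch from the comment: hypothetically set at compile
 * time or read from a file such as /etc/bash-security.conf. */
struct interp_policy {
    int secure;  /* non-zero: refuse -c and stdin, open scripts with O_MAYEXEC */
};

/* Returns 1 if the policy allows commands from this source, else 0. */
int source_allowed(const struct interp_policy *p, enum cmd_source src)
{
    if (!p->secure)
        return 1;            /* permissive mode: any source is accepted */
    return src == SRC_FILE;  /* secure mode: only files, which get O_MAYEXEC */
}

/* open(2) flags used for a script file under the given policy. */
int script_open_flags(const struct interp_policy *p)
{
    int flags = O_RDONLY | O_CLOEXEC;
    if (p->secure)
        flags |= O_MAYEXEC;  /* ask the kernel to apply its exec checks */
    return flags;
}

/* Open a script for reading under the policy. Returns an fd, or -1 with
 * errno set; the proposal reported a refused execution (for example a
 * file on a noexec mount) as EACCES. */
int open_script(const struct interp_policy *p, const char *path)
{
    return open(path, script_open_flags(p));
}

int main(int argc, char **argv)
{
    struct interp_policy policy = { .secure = 1 };
    /* Constructed default target so the program runs without arguments. */
    const char *path = argc > 1 ? argv[1] : "/dev/null";

    if (!source_allowed(&policy, SRC_CMDLINE))
        printf("secure mode: -c refused\n");
    if (!source_allowed(&policy, SRC_STDIN))
        printf("secure mode: reading commands from stdin refused\n");

    int fd = open_script(&policy, path);
    if (fd < 0) {
        printf("open(%s) with O_MAYEXEC failed: %s\n", path, strerror(errno));
        return 1;
    }
    printf("opened %s with flags %#o\n", path, script_open_flags(&policy));
    close(fd);
    return 0;
}
```

The point of keeping the policy in one place is the one the comment makes: the program never decides on its own what O_MAYEXEC "means"; it only asks for the check, and the person assembling the system decides, through the configuration and the mount and permission layout, what that check rejects.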