Ensure that direct file execution (e.g. ./script.sh) and indirect file execution (e.g. sh script.sh) lead to the same result to support script protection.
Gu Bowen (2):
  IMA support script execution check
  fix kabi breakage due to exec is_check

Kees Cook (1):
  exec: Check __FMODE_EXEC instead of in_execve for LSMs

Linus Torvalds (1):
  execve: open the executable file before doing anything else

Mickaël Salaün (1):
  exec: Add a new AT_CHECK flag to execveat(2)
V2: Add a new patch to fix kabi breakage. Align with the original variables to prevent others from inserting new variables before is_check in the future.
 fs/exec.c                         | 87 ++++++++++++++++++-------------
 include/linux/binfmts.h           |  9 ++++
 include/linux/ima.h               |  1 +
 include/uapi/linux/fcntl.h        | 31 +++++++++++
 kernel/audit.h                    |  3 ++
 kernel/auditsc.c                  |  1 +
 security/apparmor/lsm.c           |  4 +-
 security/integrity/ima/ima_main.c | 11 ++++
 security/security.c               | 17 +++++-
 security/tomoyo/tomoyo.c          |  3 +-
 10 files changed, 128 insertions(+), 39 deletions(-)