Ensure that direct file execution (e.g. ./script.sh) and indirect file execution (e.g. sh script.sh) lead to the same result to support script protection.
Gu Bowen (2): IMA support script execution check fix kabi breakage due to exec is_check
Kees Cook (1): exec: Check __FMODE_EXEC instead of in_execve for LSMs
Linus Torvalds (2): execve: open the executable file before doing anything else uselib: remove use of __FMODE_EXEC
Mickaël Salaün (1): exec: Add a new AT_CHECK flag to execveat(2)
V2: Add a new patch to fix kabi breakage. Align with the original variables to prevent others from inserting new variables before is_check in the future.
V3: Add a mainline patch to fix commit 4759ff71f23e(exec: __FMODE_EXEC instead of in_execve for LSMs).
V4: Since openEuler has a more standardised way of using KABI_FILL_HOLE to fix kabi breakage, replace it.
fs/exec.c | 89 ++++++++++++++++++------------- include/linux/binfmts.h | 5 ++ include/linux/ima.h | 1 + include/uapi/linux/fcntl.h | 31 +++++++++++ kernel/audit.h | 1 + kernel/auditsc.c | 1 + security/apparmor/lsm.c | 4 +- security/integrity/ima/ima_main.c | 11 ++++ security/security.c | 17 +++++- security/tomoyo/tomoyo.c | 3 +- 10 files changed, 123 insertions(+), 40 deletions(-)