Is there a single, unified design and requirements document that describes the threat model, and what you are trying to achieve with AT_EXECVE_CHECK and O_DENY_WRITE? I've been looking at the cover letters for AT_EXECVE_CHECK and O_DENY_WRITE, and the documentation that has landed for AT_EXECVE_CHECK and it really doesn't describe what *are* the checks that AT_EXECVE_CHECK is trying to achieve: "The AT_EXECVE_CHECK execveat(2) flag, and the SECBIT_EXEC_RESTRICT_FILE and SECBIT_EXEC_DENY_INTERACTIVE securebits are intended for script interpreters and dynamic linkers to enforce a consistent execution security policy handled by the kernel." Um, what security policy? What checks? What is a sample exploit which is blocked by AT_EXECVE_CHECK? And then on top of it, why can't you do these checks by modifying the script interpreters? Confused, - Ted
