
HBSD: Introduce Trusted Path Execution (TPE) support

Shawn Webb requested to merge hardened/current/tpe into hardened/current/master

TPE limits the scope of what files can be executed. By default, TPE is left disabled, but can be enabled via the hardening.pax.tpe.status sysctl tunable.

When enabled, TPE will check the to-be-executed file's parent directory to determine whether the directory is owned by the caller and is writable to users/groups other than the owner.

The above logic is only run when:

  1. The hardening.pax.tpe.all sysctl tunable is non-zero;
  2. The user's primary group is the group specified in the hardening.pax.tpe.gid group;
  3. When the hardening.pax.tpe.negate sysctl tunable is non-zero, the user's primary group is NOT the group specified in the hardening.pax.tpe.gid group.

Signed-off-by: Shawn Webb shawn.webb@hardenedbsd.org
MFC-to: 13-STABLE
