Not just the execute flag. The noexec mount flag and other options that exist on Linux to say do not run this.

The goal is reasonable problem is working out how to do it. Unix is where being able to disregard the execute flag and other options comes from when using interpreters. Its also simple to forget that all Linux dynamic binaries are basically sitting behind interpreter as well the ld-Linux bit.

Microsoft uses Linux a lot in Axure cloud and then you have WSL and other places so. they do have a interest in make sure Linux security does in fact work. I am not saying not to look out for EEE problems.

Big thing here is Microsoft is looking to upstream their changes. When Microsoft EEE java and the like they wanted to do the alterations privately.

I am absolutely OK with them helping, as long as they're not messing up stuff.

It's not even a matter of thinking they'll botch things for linux on purpose... I just don't trust them with any major design decisions, even if they need it to save their own lives.

Fortunately Linux has a lot of hands on deck from a lot of places, so it's almost guaranteed proposals get refined before being set in stone and going into everyone's machines... unlike a certain control panel redesign, wink

Jokes apart, it looks like this makes a lot of sense indeed and maybe even answers a couple questions I had about what those execute bit, noexec mount options ans whatnot are really for...


a fuzzy question comes to mind though...

can this sort of restriction really be applied from the kernel? like preventing an interpreter from interpreting a script and executing its interpretation?

and if not, how do you even handle/avoid attempts at recursively passing along interpretable content from a supposedly non-executable script through an executable script to the interpreter?

if you're just gonna make more interpreters themselves refuse to interpret when no-exec is set, it seems like a weak protection (and sort of what we already have?)

and if not, where would you draw the line between a script and a data-driven game engine... LUA comes to mind as a complex case, as well as Conky layout files, etc