Open Source Summit + Embedded Linux Conference + OSPOCon 2021

Linux has various features to control arbitrary file execution, such as file mode bits, ACL, noexec mount option, IMA/EVM, fs-verity, SELinux, AppArmor, etc. However, the features are suitable to limit binary files such as an ELF file, which is the default executable file in Linux, and it is challenging to control interpreters and script files, such as Python and Perl. Because the script file is just a text file passed to interpreters as an argument, and the interpreter can program with command-line options without the script file. Besides, some of the famous interpreters are capable of binary-level programming, and particular interpreters even support functionality that binds low-level libraries. Hence, in today's Linux systems, most adversaries and malware usually use interpreters to perform exploitation actions. Thus, Junghwan Kang suggests a method for restricting the unauthorized execution of interpreters and script files to enhance Linux systems' security. First, he describes the related works preceded by Clip OS, Astra Linux, and Chromium OS. He then proposes a practical approach to control the interpreter and script file execution to ensure security and reduces side effects compared to related works.