Post Syndicated from original https://lwn.net/Articles/832959/rss

The ability to execute the contents of a file is controlled by the
execute-permission bits — some of the time. If a given file contains code
that can be executed by an interpreter — such as shell commands or code in a
language like Perl or Python, for example — there are easy ways to run the interpreter on
the file regardless of whether it has execute permission enabled or not.
Mickaël Salaün has been working on tightening up the administrator’s
control over execution by interpreters for some time, but has struggled to
find an acceptable home for this feature. His latest attempt takes the
form of a new system call named trusted_for().