Subject: Re: chroot(2)
To: None <firstname.lastname@example.org>
From: Greg A. Woods <email@example.com>
Date: 10/05/1998 13:42:07
[ On Mon, October 5, 1998 at 12:59:35 (-0400), John Kohl wrote: ]
> Subject: Re: chroot(2)
> I was thinking about related issues earlier. For orthogonality, it
> might be convenient to have an "fexec" syscall that gets the text vnode
> from a file descriptor-reference.
Presumably the file descriptor passed to this fexec() call would *not*
be available to the new process.... I'd also assume that this fexec()
call will ignore all set-id bits on the file the descriptor refers to.
I'm not so sure this is a big win. Wouldn't the process still be able
to examine it's own text by looking at the stack and the pc register?
I.e. if there's a buffer-overflow or similar kind of bug through which a
rogue identity can gain control of the process? Of course if the rogue
can get control of the process then presumably it's smart enough not to
need to look at the text of the process. I just can't really see what
hiding the text buys. Presumably it'll be read-only anyway....
Greg A. Woods
+1 416 218-0098 VE3TCP <firstname.lastname@example.org> <robohack!woods>
Planix, Inc. <email@example.com>; Secrets of the Weird <firstname.lastname@example.org>