tech-kern archive


Re: [PATCH] fexecve



On Thu, Nov 15, 2012 at 05:23:04PM +0000, Emmanuel Dreyfus wrote:
> On Thu, Nov 15, 2012 at 11:03:15AM -0500, Thor Lancelot Simon wrote:
> > This strikes me as profoundly dangerous.  Among other things, it
> > means you can't allow any program running in a chroot to receive
> > unix-domain messages any more since they might get passed a file
> > descriptor to code they should not be able to execute.
> 
> We can restrict it to VREG vnodes.

Last I checked, most executable code was accessed by VREG vnodes.

Thor

