tech-kern archive


fexecve, round 2



Here is an attempt to address what was said about implementing fexecve().

fexecve() checks that the vnode underlying the fd:
- is of type VREG
- grants execution right

O_EXEC causes open()/openat() to fail if the file mode does not grant
execute rights.

There are security concerns with fd passed to chrooted processes, which
could help executing code. Here is a proposal for chrooted processes:
1) if current process and executed vnode have different roots, then
fexecve() fails
2) if the fd was not opened with O_EXEC, fexecve() fails.

First point avoids executing code from outside the chroot.
Second point enforces W^X inside the chroot.

Opinions?

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
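
An added example, not part of the original message and not NetBSD code: a user-space C model of the checks proposed above, run over a constructed two-directory tree. The struct names, the parent-link walk used to decide whether a vnode lies under the caller's root, and the errno values returned are assumptions made for the illustration.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
/* Simplified user-space model (assumption), not NetBSD kernel structures. */
struct model_vnode {
    bool is_vreg;                      /* vnode type is VREG */
    bool exec_ok;                      /* file mode grants execute right */
    const struct model_vnode *parent;  /* NULL at the real root directory */
};
struct model_file {
    const struct model_vnode *vp;      /* vnode underlying the fd */
    bool o_exec;                       /* fd was opened with O_EXEC */
};
struct model_proc { const struct model_vnode *root; }; /* chroot dir, NULL if none */

/* True when vp is dir itself or sits below it (walk of parent links). */
static bool below(const struct model_vnode *vp, const struct model_vnode *dir)
{
    for (; vp != NULL; vp = vp->parent)
        if (vp == dir)
            return true;
    return false;
}

/* 0 if fexecve() may go on, else an errno value (the errno choice is assumed). */
int model_fexecve_check(const struct model_proc *p, const struct model_file *fp)
{
    if (!fp->vp->is_vreg || !fp->vp->exec_ok)
        return EACCES;                 /* base checks, chrooted or not */
    if (p->root == NULL)
        return 0;                      /* extra rules only apply when chrooted */
    if (!below(fp->vp, p->root))
        return EPERM;                  /* point 1: vnode outside caller's root */
    if (!fp->o_exec)
        return EPERM;                  /* point 2: fd not opened with O_EXEC */
    return 0;
}

/* Constructed sample tree: /sh outside the jail, /jail/sh inside it. */
int demo_case(bool chrooted, bool inside, bool o_exec)
{
    struct model_vnode rootdir = { false, true, NULL }, jail = { false, true, &rootdir };
    struct model_vnode sh_out = { true, true, &rootdir }, sh_in = { true, true, &jail };
    struct model_proc p = { chrooted ? &jail : NULL };
    struct model_file f = { inside ? &sh_in : &sh_out, o_exec };
    return model_fexecve_check(&p, &f);
}

int main(void) { return demo_case(true, true, true); }
```

In this model a descriptor passed into the chroot from outside is refused by point 1 even when it was opened with O_EXEC, and a descriptor opened inside the chroot without O_EXEC is refused by point 2.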

