[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
fexecve, round 2
Here is an attempt to address what was said about implementing fexecve()
fexecve() checks that the vnode underlying the fd :
- is of type VREG
- grants execution right
O_EXEC cause open()/openat() to fail if the file mode does not grant
There are security concerns with fd passed to chrooted processes, which
could help executing code. Here is a proposal for chrooted processes:
1) if current process and executed vnode have different roots, then
2) if the fd was not open with O_EXEC, fexecve() fails.
First point avoids executing code from outside the chroot
Second point enforces W^X inside the chroot.
Main Index |
Thread Index |