tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: fexecve, round 2

On Nov 17, 2012, at 2:48 AM, Emmanuel Dreyfus wrote:

> Here is an attempt to address what was said about implementing fexecve()
> fexecve() checks that the vnode underlying the fd :
> - is of type VREG
> - grants execution right
> O_EXEC  cause open()/openat() to fail if the file mode does not grant
> execute rights

Also marks the executable with vn_marktext.  Fails if opened with any of  

> There are security concerns with fd passed to chrooted processes, which
> could help executing code. Here is a proposal for chrooted processes:
> 1) if current process and executed vnode have different roots, then
> fexecve() fails 
> 2) if the fd was not open with O_EXEC, fexecve() fails.

1) seems overkill.

Home | Main Index | Thread Index | Old Index