tech-kern archive


Re: fexecve, round 2



On Sun, 18 Nov 2012 18:16:00 +0000
David Holland <dholland-tech%netbsd.org@localhost> wrote:

> On Sat, Nov 17, 2012 at 06:42:50PM -0500, Thor Lancelot Simon wrote:
>  > 
>  > Further, requiring O_EXEC would seem to directly contravene the
>  > standard's language about fexecve()'s behavior.
> 
> The standard is clearly wrong on a number of points and doesn't match
> the historical design and behavior of Unix. Let's either implement
> something correct, or not implement it at all.

What if the only process that was allowed to fexecve was the one which
opened the fd (or possibly extend this to children, but I'm not sure
if that's safe), and any other failed with EBADF? Seems to me this
would allow the intended usage (tenuous as the rationale is) while
closing the chroot-based holes that have been discussed.


Julian

-- 
3072D/F3A66B3A Julian Yon (2012 General Use) <pgp.2012%jry.me@localhost>

Attachment: signature.asc
Description: PGP signature


