core statement on fexecve, O_EXEC, and O_SEARCH

To: tech-kern%netbsd.org@localhost
Subject: core statement on fexecve, O_EXEC, and O_SEARCH
From: Alan Barrett <apb%netbsd.org@localhost>
Date: Mon, 26 Nov 2012 01:49:09 +0300

The NetBSD core group has considered adding the
fexecve(2) or fexecve(3) syscall or function, and adding
new O_EXEC and O_SEARCH open(2) flags.

These new features may be useful, but their security propertiesare not well understood. The core group is of the opinion thatthese new features should not be added to NetBSD until there isa design that discusses their security properties, the way theyinteract with each other and existing features, and addresses thesecurity concerns.

Designs that are slightly incompatible with other operatingsystems or with POSIX need not be ruled out; for example, it maybe reasonable to make fexecve() fail if the fd was not opened withcertain flags, or to automatically clear certain flags when the fdis passed from one process to another.

The fexecve function could be implemented entirely in libc,via execve(2) on a file name of the form "/proc/self/fd/<N>".Any security concerns around fexecve() also apply to exec of/proc/self/fd/<N>.

If necessary, the open(2) syscall could be versioned so thatO_RDONLY is no longer defined as zero.


--
Alan Barrett, on behalf of core

Follow-Ups:
- Re: core statement on fexecve, O_EXEC, and O_SEARCH
  - From: Emmanuel Dreyfus
- Re: core statement on fexecve, O_EXEC, and O_SEARCH
  - From: David Holland
- Re: core statement on fexecve, O_EXEC, and O_SEARCH
  - From: David Laight

Prev by Date: Re: fexecve, round 3
Next by Date: Re: fexecve, round 3
Previous by Thread: **Reply by email.
Next by Thread: Re: core statement on fexecve, O_EXEC, and O_SEARCH
Indexes:

Home | Main Index | Thread Index | Old Index