tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: fexecve, round 3

On Sun, Nov 25, 2012 at 07:54:59PM +0000, Christos Zoulas wrote:
> >
> >> Does everyone agrees on this interpretation? If we do, next steps are
> >> - describe threats this introduce to chrooted processes

Given a chrooted process would need a helping process outside the
chroot (to pass it the fd), why is allowing the chrooted proccess to
exec something any different from it arranging to get the helper
to do it?

I think it can only matter if the uid of the chroot is root.
Even then you could (probably) do nothing you couldn;t do by
mmaping some anon space with exec permissions and writing code to it.

FWIW IIRC the standard says that O_EXEC can't be applied with O_READONLY
(Or O_RDWR) but does it say that you can't read from a file opened O_EXEC ?


David Laight:

Home | Main Index | Thread Index | Old Index