Re: fexecve, round 3

To: david%l8s.co.uk@localhost (David Laight), christos%astron.com@localhost (Christos Zoulas)
Subject: Re: fexecve, round 3
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Mon, 26 Nov 2012 03:22:42 +0100

David Laight <david%l8s.co.uk@localhost> wrote:

> Given a chrooted process would need a helping process outside the
> chroot (to pass it the fd), why is allowing the chrooted proccess to
> exec something any different from it arranging to get the helper
> to do it?

Yes, I agree there is no security hazard introduced: if help from a
process outside the chroot is assumed, there are already many ways to
cirumvent chroot security.

> FWIW IIRC the standard says that O_EXEC can't be applied with O_READONLY
> (Or O_RDWR) but does it say that you can't read from a file opened O_EXEC ?

I understand you could not, and this bit is annoying to implement.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: fexecve, round 3
  - From: Thor Lancelot Simon

References:
- Re: fexecve, round 3
  - From: David Laight

Prev by Date: Re: fexecve, round 3
Next by Date: Re: fexecve, round 3
Previous by Thread: Re: fexecve, round 3
Next by Thread: Re: fexecve, round 3
Indexes:

Home | Main Index | Thread Index | Old Index