tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: fexecve, round 3

David Laight <> wrote:

> Given a chrooted process would need a helping process outside the
> chroot (to pass it the fd), why is allowing the chrooted proccess to
> exec something any different from it arranging to get the helper
> to do it?

Yes, I agree there is no security hazard introduced: if help from a
process outside the chroot is assumed, there are already many ways to
cirumvent chroot security.

> FWIW IIRC the standard says that O_EXEC can't be applied with O_READONLY
> (Or O_RDWR) but does it say that you can't read from a file opened O_EXEC ?

I understand you could not, and this bit is annoying to implement.

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index