tech-kern archive


Re: fexecve, round 3

On Mon, Nov 26, 2012 at 10:18:42AM +0100, Martin Husemann wrote:
> Does anyone know of a setup that uses a process outside of a chroot doing
> descriptor passing to a chrooted process?

Yes.  I can point to the same example as Thor has described, but I think
that it is easy to cook up numerous useful examples.

> I wonder if we should disallow that completely (i.e. fail the ancillary
> data send if sender and recipient have different p_cwdi->cwdi_rdir)?

This idea of failing the ancillary data transmission seems unnecessarily
inflexible to me.  I think that if process A has a "send descriptors"
privilege, and process B has a "receive descriptors" privilege, and
there is some communications channel from A to B, then A should be
able to send a descriptor to B regardless of the origin or properties
of that descriptor.  B's privileges may not be sufficient to use
certain "methods" of the descriptor---for example, to fexecve() the
descriptor---but I think that is ok, because B's entire purpose may be
to send the descriptor to a third process that can use the descriptor.


David Young    Urbana, IL    (217) 721-9981
