Re: fexecve, round 3
On Mon, Nov 26, 2012 at 10:18:42AM +0100, Martin Husemann wrote:
> Does anyone know of a setup that uses a process outside of a chroot doing
> descriptor passing to a chrooted process?
Yes. I can point to the same example as Thor has described, but I think
that it is easy to cook up numerous useful examples.
> I wonder if we should disallow that completely (i.e. fail the ancillary
> data send if sender and recipient have different p_cwdi->cwdi_rdir)?
This idea of failing the ancillary data transmission seems unnecessarily
inflexible to me. I think that if process A has a "send descriptors"
privilege, and process B has a "receive descriptors" privilege, and
there is some communications channel from A to B, then A should be
able to send a descriptor to B regardless of the origin or properties
of that descriptor. B's privileges may not be sufficient to use
certain "methods" of the descriptor---for example, to fexecve() the
descriptor---but I think that is ok, because B's entire purpose may be
to send the descriptor to a third process that can use the descriptor.
dyoung%pobox.com@localhost Urbana, IL (217) 721-9981