tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

re: core statement on fexecve, O_EXEC, and O_SEARCH

> I've reread the whole thread but I don't understand how fch* and fexec* 
> differ.
> As far as I can see all they cause the same sort of problems.
> So, a solution should be the same for all of them.

AFAIK (i didn't write a test), fchroot() outside of the chroot
is already disallowed by the kernel.

this, among several other additional changes our chroot support
has, are why netbsd chroots are a better base for security than
other platforms chroots.


Home | Main Index | Thread Index | Old Index