[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
re: core statement on fexecve, O_EXEC, and O_SEARCH
> I've reread the whole thread but I don't understand how fch* and fexec*
> As far as I can see all they cause the same sort of problems.
> So, a solution should be the same for all of them.
AFAIK (i didn't write a test), fchroot() outside of the chroot
is already disallowed by the kernel.
this, among several other additional changes our chroot support
has, are why netbsd chroots are a better base for security than
other platforms chroots.
Main Index |
Thread Index |