re: core statement on fexecve, O_EXEC, and O_SEARCH

To: Aleksey Cheusov <cheusov%tut.by@localhost>
Subject: re: core statement on fexecve, O_EXEC, and O_SEARCH
From: matthew green <mrg%eterna.com.au@localhost>
Date: Thu, 06 Dec 2012 13:46:16 +1100

> I've reread the whole thread but I don't understand how fch* and fexec* 
> differ.
> As far as I can see all they cause the same sort of problems.
> So, a solution should be the same for all of them.

AFAIK (i didn't write a test), fchroot() outside of the chroot
is already disallowed by the kernel.

this, among several other additional changes our chroot support
has, are why netbsd chroots are a better base for security than
other platforms chroots.


.mrg.

Follow-Ups:
- Re: core statement on fexecve, O_EXEC, and O_SEARCH
  - From: Aleksey Cheusov

References:
- Re: core statement on fexecve, O_EXEC, and O_SEARCH
  - From: Aleksey Cheusov

Prev by Date: Re: filesystem namespace regions, or making mountd less bozotic
Next by Date: Re: filesystem namespace regions, or making mountd less bozotic
Previous by Thread: Re: core statement on fexecve, O_EXEC, and O_SEARCH
Next by Thread: Re: core statement on fexecve, O_EXEC, and O_SEARCH
Indexes:

Home | Main Index | Thread Index | Old Index