[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: core statement on fexecve, O_EXEC, and O_SEARCH
On Thu, Dec 6, 2012 at 5:46 AM, matthew green <mrg%eterna.com.au@localhost>
>> I've reread the whole thread but I don't understand how fch* and fexec*
>> As far as I can see all they cause the same sort of problems.
>> So, a solution should be the same for all of them.
> AFAIK (i didn't write a test), fchroot() outside of the chroot
> is already disallowed by the kernel.
Yes, this is why I said that we can easily "protect" fexec* just like
we do with fch*.
Open file descriptor passed to another chroot via fexec* is not a
problem at all.
If we _are_ able to restrict fch*, we will be able to do the same with fexec*.
> this, among several other additional changes our chroot support
> has, are why netbsd chroots are a better base for security than
> other platforms chroots.
I think proposed fexecve cannot weaken NetBSD chroot.
O_EXEC and a moment in time when permissions are checked is another question.
Main Index |
Thread Index |