tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: core statement on fexecve, O_EXEC, and O_SEARCH

On Thu, Dec 6, 2012 at 5:46 AM, matthew green <> 
>> I've reread the whole thread but I don't understand how fch* and fexec* 
>> differ.
>> As far as I can see all they cause the same sort of problems.
>> So, a solution should be the same for all of them.
> AFAIK (i didn't write a test), fchroot() outside of the chroot
> is already disallowed by the kernel.

Yes, this is why I said that we can easily "protect" fexec* just like
we do with fch*.
Open file descriptor passed to another chroot via fexec* is not a
problem at all.
If we _are_ able to restrict fch*, we will be able to do the same with fexec*.

> this, among several other additional changes our chroot support
> has, are why netbsd chroots are a better base for security than
> other platforms chroots.

I think proposed fexecve cannot weaken NetBSD chroot.

O_EXEC and a moment in time when permissions are checked is another question.

Home | Main Index | Thread Index | Old Index