tech-kern archive
Re: core statement on fexecve, O_EXEC, and O_SEARCH
On Thu, Dec 6, 2012 at 5:46 AM, matthew green <mrg%eterna.com.au@localhost>
wrote:
>
>> I've reread the whole thread but I don't understand how fch* and fexec*
>> differ.
>> As far as I can see they all cause the same sort of problems.
>> So, a solution should be the same for all of them.
>
> AFAIK (i didn't write a test), fchroot() outside of the chroot
> is already disallowed by the kernel.

Yes, this is why I said that we can easily "protect" fexec* just like
we do with fch*.
An open file descriptor passed to another chroot via fexec* is not a
problem at all.
If we _are_ able to restrict fch*, we will be able to do the same with fexec*.

> this, among several other additional changes our chroot support
> has, are why netbsd chroots are a better base for security than
> other platforms' chroots.

I think the proposed fexecve cannot weaken NetBSD chroot.
O_EXEC and the moment in time when permissions are checked is another question.