tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: fexecve

To: Christos Zoulas <christos%zoulas.com@localhost>
Subject: Re: fexecve
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Sun, 8 Sep 2019 14:03:03 -0400

On Sun, Sep 08, 2019 at 01:23:46PM -0400, Christos Zoulas wrote:
> 
> Here's a simple fexecve(2) implementation. Comments?

I think this is dangerous in systems which use chroot into filesystems
mounted noexec (or nosuid) and file-descriptor passing into the constrained
environment to feed data.  Now new executables (and even setuid ones) can
be fed in, too.

What can we do about that?

Thor

Follow-Ups:
- Re: fexecve
  - From: Taylor R Campbell
- Re: fexecve
  - From: Christos Zoulas

References:
- fexecve
  - From: Christos Zoulas

Prev by Date: fexecve
Next by Date: Re: fexecve
Previous by Thread: fexecve
Next by Thread: Re: fexecve
Indexes:

Home | Main Index | Thread Index | Old Index