tech-kern archive


Re: fexecve



>> (I'd actually _like_ to see something capabilityish, in which case
>> "can use fexecve" would be a capability that could be removed, from
>> init if need be, on systems that care about this sort of thing.)
> Couldn't we have an enable/disable sysctl variable for this?

Certainly.  I would count that as "something capabilityish" - after
all, assuming it's per-process, in what ways, aside from the APIs used
to control it, does that differ from a capability?

Or, to return for a moment to my roots,

$ SET PROC/PRIV=FEXECVE

/~\ The ASCII				  Mouse
\ / Ribbon Campaign
 X  Against HTML		mouse%rodents-montreal.org@localhost
/ \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

