Re: [PATCH] fexecve

To: Emmanuel Dreyfus <manu%netbsd.org@localhost>
Subject: Re: [PATCH] fexecve
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Thu, 15 Nov 2012 11:03:15 -0500

On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
> Hi
> 
> Here is a patch that implements fexecve(2) for review:
> http://ftp.espci.fr/shadow/manu/fexecve.patch

This strikes me as profoundly dangerous.  Among other things, it
means you can't allow any program running in a chroot to receive
unix-domain messages any more since they might get passed a file
descriptor to code they should not be able to execute.

If there is not some explanation I am missing for why this doesn't
basically blow up chroot's security in the very common case where
chroot is used to build a W^X environment, I am strongly opposed to
ever including this system call in NetBSD.

I'm sure the Linux crowd don't care, since they deliberately and
proudly punted on actually being able to contain any misbehaving
process within a chroot long ago.  But that's not us.

Thor

Follow-Ups:
- Re: [PATCH] fexecve
  - From: David Holland
- Re: [PATCH] fexecve
  - From: Julian Yon
- Re: [PATCH] fexecve
  - From: Mouse
- Re: [PATCH] fexecve
  - From: Emmanuel Dreyfus
- Re: [PATCH] fexecve
  - From: Taylor R Campbell

Prev by Date: I saw online you were in jail. Is it true???
Next by Date: Re: [PATCH] fexecve
Previous by Thread: I saw online you were in jail. Is it true???
Next by Thread: Re: [PATCH] fexecve
Indexes:

Home | Main Index | Thread Index | Old Index