tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve

On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
> Hi
> Here is a patch that implements fexecve(2) for review:

This strikes me as profoundly dangerous.  Among other things, it
means you can't allow any program running in a chroot to receive
unix-domain messages any more since they might get passed a file
descriptor to code they should not be able to execute.

If there is not some explanation I am missing for why this doesn't
basically blow up chroot's security in the very common case where
chroot is used to build a W^X environment, I am strongly opposed to
ever including this system call in NetBSD.

I'm sure the Linux crowd don't care, since they deliberately and
proudly punted on actually being able to contain any misbehaving
process within a chroot long ago.  But that's not us.


Home | Main Index | Thread Index | Old Index