tech-security archive
Re: [PATCH] fexecve
Date: Thu, 15 Nov 2012 11:03:15 -0500
From: Thor Lancelot Simon <tls%panix.com@localhost>
On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
> Hi
>
> Here is a patch that implements fexecve(2) for review:
> http://ftp.espci.fr/shadow/manu/fexecve.patch

This strikes me as profoundly dangerous. Among other things, it
means you can't allow any program running in a chroot to receive
unix-domain messages any more since they might get passed a file
descriptor to code they should not be able to execute.

Is this an issue only for executables that are setuid/setgid?
What does FreeBSD do for fexecve in jails, or in Capsicum?
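
The mechanism behind the concern above, as an added example that is not part of the message or of the patch under review: a descriptor sent as SCM_RIGHTS arrives without any pathname lookup by the receiver, so a receiver that wants to limit what it holds has to inspect the object with fstat(2). The function names and the refusal policy (close any regular file that has an execute bit set) are assumptions made for illustration, and the passed object is a constructed temporary file.

```c
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pass fd over a unix-domain socket pair (SCM_RIGHTS) and audit it on receipt.
 * Returns 1 = refused (executable regular file), 0 = accepted, -1 = error. */
int audit_passed_fd(int fd)
{
    int sv[2], got = -1, verdict = -1;
    char byte = 'F';
    struct iovec iov = { .iov_base = &byte, .iov_len = 1 };
    union { struct cmsghdr hdr; char buf[CMSG_SPACE(sizeof(int))]; } u;
    struct msghdr msg; struct cmsghdr *c; struct stat st;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0) return -1;
    memset(&msg, 0, sizeof(msg)); memset(&u, 0, sizeof(u));
    msg.msg_iov = &iov; msg.msg_iovlen = 1;
    msg.msg_control = u.buf; msg.msg_controllen = sizeof(u.buf);
    c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_RIGHTS;
    c->cmsg_len = CMSG_LEN(sizeof(int));
    memcpy(CMSG_DATA(c), &fd, sizeof(int));
    if (sendmsg(sv[0], &msg, 0) != 1) goto done;
    /* Receiver: no pathname lookup happens; the descriptor itself is the access. */
    memset(&u, 0, sizeof(u)); msg.msg_controllen = sizeof(u.buf);
    if (recvmsg(sv[1], &msg, 0) != 1) goto done;
    for (c = CMSG_FIRSTHDR(&msg); c != NULL; c = CMSG_NXTHDR(&msg, c))
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_RIGHTS)
            memcpy(&got, CMSG_DATA(c), sizeof(int));
    if (got < 0 || fstat(got, &st) < 0) goto done;
    /* Assumed policy: never keep a regular file with any execute bit set. */
    verdict = S_ISREG(st.st_mode) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH));
done:
    if (got >= 0) close(got);
    close(sv[0]); close(sv[1]);
    return verdict;
}

/* Constructed sample: a temp file with the given mode is the object passed. */
int demo_verdict(mode_t mode)
{
    char path[] = "/tmp/fdauditXXXXXX";
    int fd = mkstemp(path), v = -1;
    if (fd >= 0 && fchmod(fd, mode) == 0) v = audit_passed_fd(fd);
    if (fd >= 0) { close(fd); unlink(path); }
    return v;
}
int main(void) { return (demo_verdict(0700) == 1 && demo_verdict(0600) == 0) ? 0 : 1; }
```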