tech-security archive
Re: [PATCH] fexecve
On Thu, Nov 15, 2012 at 11:03:15AM -0500, Thor Lancelot Simon wrote:
> This strikes me as profoundly dangerous. Among other things, it
> means you can't allow any program running in a chroot to receive
> unix-domain messages any more since they might get passed a file
> descriptor to code they should not be able to execute.
We can restrict it to VREG vnodes.
--
Emmanuel Dreyfus
manu%netbsd.org@localhost