[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [PATCH] fexecve
On Thu, Nov 15, 2012 at 05:23:04PM +0000, Emmanuel Dreyfus wrote:
> On Thu, Nov 15, 2012 at 11:03:15AM -0500, Thor Lancelot Simon wrote:
> > This strikes me as profoundly dangerous. Among other things, it
> > means you can't allow any program running in a chroot to receive
> > unix-domain messages any more since they might get passed a file
> > descriptor to code they should not be able to execute.
> We can restrict it to VREG vnodes.
Last I checked, most executable code was accessed by VREG vnodes.
Main Index |
Thread Index |