tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [PATCH] fexecve
Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> The point is, this is interesting functionality that makes something
> new possible that is potentially useful from a security point of view,
> but the new thing that's possible also breaks assumptions that existing
> code may rely on to get security guarantees it wants.
Well, it is standard mandated and we want to be standard compliant. If
it is a security hazard, we can have a sysctl to disable the system
call. Something like
sysctl -w kern.fexecve = 0 and it would return ENOSYS.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index