Re: [PATCH] fexecve

To: tech-kern%NetBSD.org@localhost, tech-security%NetBSD.org@localhost
Subject: Re: [PATCH] fexecve
From: Mouse <mouse%Rodents-Montreal.ORG@localhost>
Date: Thu, 15 Nov 2012 13:50:54 -0500 (EST)

> All of a sudden, the very presence of those sockets means not just
> that a component A running in chroot Ca, with uid Ua, can pass _data_
> to a component B running in chroot Cb, with uid Ub -- which was part
> of the design -- but that it can enable B to run new code that was
> formerly not available at all in Cb (because all memory and
> filesystems available to processes in Cb are either read-only, or
> executable, but not both).

It always could, just not with exec()-family calls.  Did you read the
points you didn't quote about script interpreters and VMs?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B

Follow-Ups:
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon

References:
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: Mouse
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon

Prev by Date: Re: [PATCH] fexecve
Next by Date: Re: [PATCH] fexecve
Previous by Thread: Re: [PATCH] fexecve
Next by Thread: Re: [PATCH] fexecve
Indexes:

Home | Main Index | Thread Index | Old Index