[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [PATCH] fexecve
On Thu, Nov 15, 2012 at 04:02:50PM -0500, Thor Lancelot Simon wrote:
> On Thu, Nov 15, 2012 at 06:35:48PM +0000, Julian Yon wrote:
> > As you mention Linux, their man page for fexecve states ?The file
> > descriptor fd must be opened read-only, and the caller must have
> > permission to execute the file that it refers to.? It sounds like that
> > might be what you're missing? I certainly interpret it to mean that if
> > you can't execve the file, you can't fexecve a FD to it either.
> So. Suppose I have a chrooted environment where all accessible filesystems
> are mounted either ro or noexec. Or for that matter just nosuid.
> Now someone passes in a file descriptor, from the outside, that is on a
> filesystem that is not mounted with either of those options. Perhaps,
> as Matt suggested, one for a setuid executable, yet. Whoops.
Well setuid executables seem like a special case, but other than that, I
think I can probably manage to execute something without an exec call.
In fact I know I can, just by linking against any dynamic library and
calling one of the functions in it.
Main Index |
Thread Index |