tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve

On Fri, Nov 16, 2012 at 12:35:46PM +0000, Julian Yon wrote:
 > > Meanwhile, if you can own the other end to the point where you can
 > > open an executable file containing code you supplied and pass it down
 > > an existing socket connection, you've already done arbitrary code
 > > execution. If the other end is a W^X chroot, that's not supposed to be
 > > possible; if the other end isn't chrooted you've probably already won.
 > The spec only requires that the file only needs to be open for reading.
 > The calling process needs to have permission to execute the file, but
 > in Thor's scenario the process that opens the FD doesn't.

That is clearly broken, then.

David A. Holland

Home | Main Index | Thread Index | Old Index