[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [PATCH] fexecve
On Fri, Nov 16, 2012 at 12:35:46PM +0000, Julian Yon wrote:
> > Meanwhile, if you can own the other end to the point where you can
> > open an executable file containing code you supplied and pass it down
> > an existing socket connection, you've already done arbitrary code
> > execution. If the other end is a W^X chroot, that's not supposed to be
> > possible; if the other end isn't chrooted you've probably already won.
> The spec only requires that the file only needs to be open for reading.
> The calling process needs to have permission to execute the file, but
> in Thor's scenario the process that opens the FD doesn't.
That is clearly broken, then.
David A. Holland
Main Index |
Thread Index |