tech-security archive


Re: [PATCH] fexecve



On Fri, Nov 16, 2012 at 09:13:13AM -0500, Thor Lancelot Simon wrote:
 > On Fri, Nov 16, 2012 at 09:14:14AM +0000, David Holland wrote:
 > > On Thu, Nov 15, 2012 at 11:58:59PM -0500, Thor Lancelot Simon wrote:
 > > 
 > > Well, no. You have to first receive a new file descriptor from
 > > somewhere, either on an existing socket (requires owning the other
 > > end) or by opening a new one (not much use in a chroot). Only then you
 > > can overwrite those ints with the number of the new fd and trigger
 > > fexecve(); otherwise you'll get EBADF, because presumably in a
 > > construction like this random file handles that have already been
 > > passed around won't have been opened for execution; nor would
 > > executing one of them be likely to do anything useful anyway.
 > 
 > What is this "opened for execution"?

Something that you need to have to make the whole thing not be a
horrible disaster, and that I naively assumed would have been defined
properly. I guess the people who touted this to the POSIX committee
didn't bother to work through even the elementary design
considerations.

Without some notion of open for execution, open followed by fexecve is
not equivalent to plain execve even for a single process, let alone in
complicated scenarios involving fd passing or inheritance.

 > > Meanwhile [...]

Never mind; all that reasoning appears to have been based on false
assumptions.

-- 
David A. Holland
dholland%netbsd.org@localhost

