tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve



On Fri, Nov 16, 2012 at 08:02:16PM +0100, Emmanuel Dreyfus wrote:
> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
> 
> > What is this "opened for execution"?  I don't see it in the open(2)
> > manual page 
> 
> Look for O_EXEC here:
> http://pubs.opengroup.org/onlinepubs/9699919799/functions/openat.html

Oof, they got it wrong.  "Open for execute only" -> "deny read/write".  What
was wanted was "Open for execute" -> "allow fexecve".

Defined the way they did it, the only reasonable
interpretation is that you can call fexecve() on a file descriptor
even if it was opened without this flag.

Thor


Home | Main Index | Thread Index | Old Index