tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve

On Sun, Nov 18, 2012 at 07:27:27PM +0000, Julian Yon wrote:
> On Sat, 17 Nov 2012 21:45:02 +0000
> David Laight <> wrote:
> > On Fri, Nov 16, 2012 at 12:52:30PM +0000, Julian Yon wrote:
> > > 
> > > What does this gain over passing a filename around? (NB. I'm not
> > > claiming that's an entirely safe model either, but it's already
> > > possible).
> > 
> > You don't need the executable image inside the chroot.
> I don't believe that's intended to be possible, and if it is, I'm not
> sure it's a gain.

I actually think it might be, if it didn't run the risk of blowing up
code that wasn't written to expect it.

If we're going to commit this syscall at all, I think it should be
accompanied by a new socket option for unix domain sockets, which
defaults to "off", but if explicitly set to "on", allows file descriptors
passed across the socket to be used for exec.


Home | Main Index | Thread Index | Old Index