tech-security archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: [PATCH] fexecve
> If you don't have read rights you can open with O_EXEC instead, and
> you can't read the file you just opened; it merely provides a
> mechanism to pointlessly use fexecve.
I disagree that it's pointless.
You can still check that, for example, it's the same dev/inumber/size
you have recorded in a database of what executables ought to be. Not
as good as a full checksum, but certainly a higher bar than just
winning a switch-the-symlink race.
Also, as someone else pointed out upthread, you can open executables
before you chroot, hang onto the fds, and execute them later.
fexecve() is also the only way to execute a binary that has no
accessible name (and chroots are not the only way that can happen).
For example, maybe you've just written into an unlinked file, or maybe
it exists in a part of the filesystem namespace that now has something
mounted in front of it. (Whether these are good things to be able to
do is open to debate, of course.)
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B
Home |
Main Index |
Thread Index |
Old Index