Re: [PATCH] fexecve

To: Thor Lancelot Simon <tls%panix.com@localhost>
Subject: Re: [PATCH] fexecve
From: Taylor R Campbell <campbell+netbsd-tech-kern%mumble.net@localhost>
Date: Thu, 15 Nov 2012 16:30:50 +0000

   Date: Thu, 15 Nov 2012 11:03:15 -0500
   From: Thor Lancelot Simon <tls%panix.com@localhost>

   On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
   > Hi
   > 
   > Here is a patch that implements fexecve(2) for review:
   > http://ftp.espci.fr/shadow/manu/fexecve.patch

   This strikes me as profoundly dangerous.  Among other things, it
   means you can't allow any program running in a chroot to receive
   unix-domain messages any more since they might get passed a file
   descriptor to code they should not be able to execute.

Is this an issue only for executables that are setuid/setgid?

What does FreeBSD do for fexecve in jails, or in Capsicum?

References:
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon

Prev by Date: Re: [PATCH] fexecve
Next by Date: Re: [PATCH] fexecve
Previous by Thread: Re: [PATCH] fexecve
Next by Thread: Re: [PATCH] fexecve
Indexes:

Home | Main Index | Thread Index | Old Index