tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve



> All of a sudden, the very presence of those sockets means not just
> that a component A running in chroot Ca, with uid Ua, can pass _data_
> to a component B running in chroot Cb, with uid Ub -- which was part
> of the design -- but that it can enable B to run new code that was
> formerly not available at all in Cb (because all memory and
> filesystems available to processes in Cb are either read-only, or
> executable, but not both).

It always could, just not with exec()-family calls.  Did you read the
points you didn't quote about script interpreters and VMs?

/~\ The ASCII                             Mouse
\ / Ribbon Campaign
 X  Against HTML                mouse%rodents-montreal.org@localhost
/ \ Email!           7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B


Home | Main Index | Thread Index | Old Index