tech-kern archive
Re: [PATCH] fexecve
> All of a sudden, the very presence of those sockets means not just
> that a component A running in chroot Ca, with uid Ua, can pass _data_
> to a component B running in chroot Cb, with uid Ub -- which was part
> of the design -- but that it can enable B to run new code that was
> formerly not available at all in Cb (because all memory and
> filesystems available to processes in Cb are either read-only, or
> executable, but not both).
It always could, just not with exec()-family calls. Did you read the
points you didn't quote about script interpreters and VMs?
/~\ The ASCII Mouse
\ / Ribbon Campaign
X Against HTML mouse%rodents-montreal.org@localhost
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B