Re: [PATCH] fexecve

To: tls%panix.com@localhost (Thor Lancelot Simon), mouse%Rodents-Montreal.ORG@localhost (Mouse)
Subject: Re: [PATCH] fexecve
From: manu%netbsd.org@localhost (Emmanuel Dreyfus)
Date: Thu, 15 Nov 2012 20:20:30 +0100

Thor Lancelot Simon <tls%panix.com@localhost> wrote:

> The point is, this is interesting functionality that makes something
> new possible that is potentially useful from a security point of view,
> but the new thing that's possible also breaks assumptions that existing
> code may rely on to get security guarantees it wants.  

Well, it is standard mandated and we want to be standard compliant. If
it is a security hazard, we can have a sysctl to disable the system
call. Something like
sysctl -w kern.fexecve = 0 and it would return ENOSYS.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost

Follow-Ups:
- Re: [PATCH] fexecve
  - From: Joerg Sonnenberger
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: Matt Thomas

References:
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon

Prev by Date: Re: [PATCH] fexecve
Next by Date: Re: [PATCH] fexecve
Previous by Thread: Re: [PATCH] fexecve
Next by Thread: Re: [PATCH] fexecve
Indexes:

Home | Main Index | Thread Index | Old Index