tech-kern archive
fexecve, round 2
Here is an attempt to address what was said about implementing fexecve().

fexecve() checks that the vnode underlying the fd:
- is of type VREG
- grants execution right

O_EXEC causes open()/openat() to fail if the file mode does not grant
execute rights.

There are security concerns with fds passed to chrooted processes, which
could help executing code. Here is a proposal for chrooted processes:
1) if the current process and the executed vnode have different roots, then
fexecve() fails
2) if the fd was not opened with O_EXEC, fexecve() fails.

The first point avoids executing code from outside the chroot.
The second point enforces W^X inside the chroot.

Opinions?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
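
The checks proposed in the message above, as a user-space decision model; this is an added example, not code from the post or from NetBSD. All `m_` names are hypothetical, the errno values are assumptions (the post names none), and each modelled vnode is simply tagged with the root it lives under.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>

/* User-space model only: every name here is hypothetical, not a NetBSD symbol. */
enum m_vtype { M_VREG, M_VDIR };
enum m_acc { M_RDONLY, M_RDWR, M_EXEC };       /* access mode given to open() */
struct m_vnode { enum m_vtype type; bool exec_ok; int root; };
struct m_file { const struct m_vnode *vp; enum m_acc acc; };
struct m_proc { bool chrooted; int root; };

/* open()/openat(): O_EXEC fails when the file mode grants no execute right. */
static int m_open(struct m_file *fp, const struct m_vnode *vp, enum m_acc acc)
{
    if (acc == M_EXEC && !vp->exec_ok)
        return EACCES;                          /* errno choice is an assumption */
    fp->vp = vp; fp->acc = acc;
    return 0;
}

/* fexecve(): base checks, then the two extra rules for chrooted callers. */
static int m_fexecve_check(const struct m_proc *p, const struct m_file *fp)
{
    if (fp->vp->type != M_VREG || !fp->vp->exec_ok)
        return EACCES;                          /* assumption */
    if (p->chrooted && fp->vp->root != p->root)
        return EPERM;                           /* rule 1; errno is an assumption */
    if (p->chrooted && fp->acc != M_EXEC)
        return EPERM;                           /* rule 2 */
    return 0;
}

/* Open a file living under vnode_root, then fexecve() it from a process. */
int m_scenario(bool chrooted, int proc_root, int vnode_root,
               enum m_vtype type, bool exec_ok, enum m_acc acc)
{
    struct m_vnode vn = { type, exec_ok, vnode_root };
    struct m_proc p = { chrooted, proc_root };
    struct m_file f;
    int error = m_open(&f, &vn, acc);
    return error ? error : m_fexecve_check(&p, &f);
}

int main(void)
{
    printf("fd from outside the chroot: %d\n", m_scenario(true, 1, 0, M_VREG, true, M_EXEC));
    printf("writable fd inside chroot:  %d\n", m_scenario(true, 1, 1, M_VREG, true, M_RDWR));
    return 0;
}
```

Because O_EXEC is an access mode of its own in POSIX, an fd that satisfies rule 2 cannot also be open for writing, which is how the model reflects the W^X point.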