tech-kern archive


Re: fexecve, round 2



On Nov 17, 2012, at 2:48 AM, Emmanuel Dreyfus wrote:

> Here is an attempt to address what was said about implementing fexecve()
> 
> fexecve() checks that the vnode underlying the fd:
> - is of type VREG
> - grants execution right
> 
> O_EXEC causes open()/openat() to fail if the file mode does not grant
> execute rights

Also marks the executable with vn_marktext. Fails if opened with any of
O_CREAT, O_WRONLY, O_RDWR.

> There are security concerns with fd passed to chrooted processes, which
> could help executing code. Here is a proposal for chrooted processes:
> 1) if current process and executed vnode have different roots, then
> fexecve() fails 
> 2) if the fd was not opened with O_EXEC, fexecve() fails.

1) seems overkill.
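
The fd checks listed in this message, modeled in userland C as an added example (not code from the thread or from NetBSD). The function and verdict names are hypothetical, the execute test only looks at mode bits where the kernel would check the caller's credentials, and the chroot rules are not modeled.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
/* Verdict names are hypothetical, chosen for this example. */
enum verdict { V_OK, V_BADFD, V_NOT_REGULAR, V_NO_EXEC_BIT, V_WRITABLE_FD };

enum verdict fexec_precheck(int fd)
{
    struct stat st;
    int fl = fcntl(fd, F_GETFL);
    if (fl == -1 || fstat(fd, &st) == -1)
        return V_BADFD;
    if (!S_ISREG(st.st_mode))            /* kernel side: vnode type VREG */
        return V_NOT_REGULAR;
    /* Simplification: any x bit passes; the kernel checks caller credentials. */
    if (!(st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))
        return V_NO_EXEC_BIT;
    /* Access mode survives in F_GETFL; O_CREAT does not, so it is not modeled. */
    if ((fl & O_ACCMODE) == O_WRONLY || (fl & O_ACCMODE) == O_RDWR)
        return V_WRITABLE_FD;
    return V_OK;
}

/* Constructed fixture: temp file with `mode`, reopened with `oflags`. */
enum verdict check_tempfile(mode_t mode, int oflags)
{
    char tmpl[] = "/tmp/fexec-demo-XXXXXX";
    int fd = mkstemp(tmpl);
    enum verdict v = V_BADFD;
    if (fd == -1)
        return v;
    fchmod(fd, mode);
    close(fd);
    if ((fd = open(tmpl, oflags)) != -1) {
        v = fexec_precheck(fd);
        close(fd);
    }
    unlink(tmpl);
    return v;
}

int main(void)
{
    printf("0700 rdonly=%d 0700 rdwr=%d\n",
           check_tempfile(0700, O_RDONLY), check_tempfile(0700, O_RDWR));
    return 0;
}
```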


