tech-kern archive


Re: fexecve, round 3



In article <20121125152520.GA17833%panix.com@localhost>,
Thor Lancelot Simon  <tls%panix.com@localhost> wrote:
>On Sat, Nov 24, 2012 at 06:53:16PM +0100, Emmanuel Dreyfus wrote:
>> Let's try to move forward, and I will start with a sum-up of what I
>> understand from the standard. It would be nice if we could at least
>> reach consensus on standard interpretation.
>
>I think your interpretation of the standard is correct.  The
>particularly problematic part is:
>
>> O_EXEC is mutually exclusive with O_RDONLY, O_WRONLY, or O_RDWR
>
>This -- along with the basic shift from checking permissions when a handle
>to an object is obtained to checking them when it's used -- is exemplary of
>the poor design that seems to have gone into this set of "features".
>
>> Does everyone agree on this interpretation? If we do, next steps are
>> - describe threats this introduces to chrooted processes
>> - decide if they are acceptable and if they are not, propose mitigation.
>
>I think you left out part of the solution space:
>
> - simply don't include this poorly-designed functionality in NetBSD.

Unless you want to change O_RDONLY to be non-zero and version all
the syscalls that use it :-)

christos
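The point about O_RDONLY being zero is worth seeing in code. The following is an added example, not part of this thread or of NetBSD's sources: it sketches the flag check an implementer would have to write to enforce "O_EXEC is mutually exclusive with O_RDONLY, O_WRONLY, or O_RDWR" and shows that only the write modes can be rejected. The O_EXEC bit value is an assumption invented for the example (it is defined only if the platform's fcntl.h lacks one); O_RDONLY, O_WRONLY, O_RDWR and O_ACCMODE are the real ones from fcntl.h.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>

/*
 * Hypothetical O_EXEC bit, assumed for this example only; chosen to
 * avoid the low bits that carry the access mode.
 */
#ifndef O_EXEC
#define O_EXEC 0x04000000
#endif

/*
 * Return 0 when the open flags obey the standard's exclusivity rule,
 * EINVAL otherwise.  Only O_WRONLY and O_RDWR can ever be rejected:
 * O_RDONLY is 0, so it leaves no trace in the flag word.
 */
int
check_exec_flags(int flags)
{
	if (flags & O_EXEC) {
		int acc = flags & O_ACCMODE;

		if (acc == O_WRONLY || acc == O_RDWR)
			return EINVAL;
		/*
		 * acc == O_RDONLY here, but acc is also 0 for plain O_EXEC:
		 * the two are the same number and cannot be told apart,
		 * so "mutually exclusive with O_RDONLY" is unenforceable.
		 */
	}
	return 0;
}

/* True when two flag words are bit-for-bit identical. */
int
indistinguishable(int a, int b)
{
	return a == b;
}

int
main(void)
{
	printf("O_RDONLY = %d\n", O_RDONLY);
	printf("O_EXEC alone      -> %d\n", check_exec_flags(O_EXEC));
	printf("O_EXEC | O_RDONLY -> %d (same word as O_EXEC: %d)\n",
	    check_exec_flags(O_EXEC | O_RDONLY),
	    indistinguishable(O_EXEC, O_EXEC | O_RDONLY));
	printf("O_EXEC | O_WRONLY -> %d\n", check_exec_flags(O_EXEC | O_WRONLY));
	printf("O_EXEC | O_RDWR   -> %d\n", check_exec_flags(O_EXEC | O_RDWR));
	return 0;
}
```

Because the access mode is an enumeration packed into the low bits rather than a set of independent flags, the kernel cannot distinguish "caller asked for O_EXEC" from "caller asked for O_EXEC and O_RDONLY"; making the rule enforceable would require a non-zero O_RDONLY, which is exactly the ABI change Christos alludes to.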


