tech-kern archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: fexecve, round 3



David Laight <david%l8s.co.uk@localhost> wrote:

> Given a chrooted process would need a helping process outside the
> chroot (to pass it the fd), why is allowing the chrooted proccess to
> exec something any different from it arranging to get the helper
> to do it?

Yes, I agree there is no security hazard introduced: if help from a
process outside the chroot is assumed, there are already many ways to
cirumvent chroot security.

> FWIW IIRC the standard says that O_EXEC can't be applied with O_READONLY
> (Or O_RDWR) but does it say that you can't read from a file opened O_EXEC ?

I understand you could not, and this bit is annoying to implement.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost


Home | Main Index | Thread Index | Old Index