tech-kern archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: fexecve, round 3
David Laight <david%l8s.co.uk@localhost> wrote:
> Given a chrooted process would need a helping process outside the
> chroot (to pass it the fd), why is allowing the chrooted proccess to
> exec something any different from it arranging to get the helper
> to do it?
Yes, I agree there is no security hazard introduced: if help from a
process outside the chroot is assumed, there are already many ways to
cirumvent chroot security.
> FWIW IIRC the standard says that O_EXEC can't be applied with O_READONLY
> (Or O_RDWR) but does it say that you can't read from a file opened O_EXEC ?
I understand you could not, and this bit is annoying to implement.
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu%netbsd.org@localhost
Home |
Main Index |
Thread Index |
Old Index