Re: core statement on fexecve, O_EXEC, and O_SEARCH

[mlelstv%serpens.de@localhost (Michael van Elst)]

manu%NetBSD.org@localhost (Emmanuel Dreyfus) writes:

>Alan Barrett <apb%netbsd.org@localhost> wrote:

>> The fexecve function could be implemented entirely in libc, 
>> via execve(2) on a file name of the form "/proc/self/fd/<N>". 
>> Any security concerns around fexecve() also apply to exec of 
>> /proc/self/fd/<N>.

>I gave a try to this approach. There is an unexpected issue:
>for a reason I cannot figure, namei() does not resolve
>/proc/self/fd/<N>. Here is a ktrace:

>   810      1 t_fexecve CALL  open(0x8048db6,0,0)
>   810      1 t_fexecve NAMI  "/usr/bin/touch"
>   810      1 t_fexecve RET   open 3
>   810      1 t_fexecve CALL  getpid
>   810      1 t_fexecve RET   getpid 810/0x32a, 924/0x39c
>   810      1 t_fexecve CALL  execve(0xbfbfe66f,0xbfbfea98,0xbfbfeaa4)
>   810      1 t_fexecve NAMI  "/proc/self/fd/3"
>   810      1 t_fexecve RET   execve -1 errno 2 No such file or
>directory

The descriptor is probably already "closed on exec" before the syscall
tries to use it.

-- 
-- 
                                Michael van Elst
Internet: mlelstv%serpens.de@localhost
                                "A potential Snark may lurk in every tree."