tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve



   Date: Thu, 15 Nov 2012 11:03:15 -0500
   From: Thor Lancelot Simon <tls%panix.com@localhost>

   On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
   > Hi
   > 
   > Here is a patch that implements fexecve(2) for review:
   > http://ftp.espci.fr/shadow/manu/fexecve.patch

   This strikes me as profoundly dangerous.  Among other things, it
   means you can't allow any program running in a chroot to receive
   unix-domain messages any more since they might get passed a file
   descriptor to code they should not be able to execute.

Is this an issue only for executables that are setuid/setgid?

What does FreeBSD do for fexecve in jails, or in Capsicum?


Home | Main Index | Thread Index | Old Index