tech-kern archive
Re: [PATCH] fexecve
On Thu, Nov 15, 2012 at 08:20:30PM +0100, Emmanuel Dreyfus wrote:
> Thor Lancelot Simon <tls%panix.com@localhost> wrote:
>
> > The point is, this is interesting functionality that makes something
> > new possible that is potentially useful from a security point of view,
> > but the new thing that's possible also breaks assumptions that existing
> > code may rely on to get security guarantees it wants.
>
> Well, it is standard mandated and we want to be standard compliant. If
> it is a security hazard, we can have a sysctl to disable the system
> call. Something like
> sysctl -w kern.fexecve = 0 and it would return ENOSYS.

Frankly, I still don't see the point why something would want to use it.

Joerg