tech-kern archive
Re: [PATCH] fexecve
On Thu, Nov 15, 2012 at 04:02:50PM -0500, Thor Lancelot Simon wrote:
> On Thu, Nov 15, 2012 at 06:35:48PM +0000, Julian Yon wrote:
> >
> > As you mention Linux, their man page for fexecve states "The file
> > descriptor fd must be opened read-only, and the caller must have
> > permission to execute the file that it refers to." It sounds like that
> > might be what you're missing? I certainly interpret it to mean that if
> > you can't execve the file, you can't fexecve a FD to it either.
>
> So. Suppose I have a chrooted environment where all accessible filesystems
> are mounted either ro or noexec. Or for that matter just nosuid.
>
> Now someone passes in a file descriptor, from the outside, that is on a
> filesystem that is not mounted with either of those options. Perhaps,
> as Matt suggested, one for a setuid executable, yet. Whoops.
Well setuid executables seem like a special case, but other than that, I
think I can probably manage to execute something without an exec call.
In fact I know I can, just by linking against any dynamic library and
calling one of the functions in it.
eric
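
As an added illustration (not code from this thread or from NetBSD), a process that is handed a descriptor from outside its chroot can inspect it before calling fexecve(): the code below checks the read-only rule from the quoted Linux man page, the setuid/setgid bits, and whether the descriptor's filesystem is mounted nosuid or noexec. The function and flag names are this example's own, and ST_NOEXEC is only tested where the C library defines it.

```c
#define _GNU_SOURCE             /* lets glibc expose ST_NOEXEC */
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

/* Finding bits returned by inspect_exec_fd() (names are hypothetical). */
#define FD_NOT_RDONLY   0x01    /* not opened read-only */
#define FD_NOT_REGULAR  0x02    /* not a regular file */
#define FD_SETID        0x04    /* setuid or setgid bit set on the file */
#define FD_FS_SUID      0x08    /* its filesystem is NOT mounted nosuid */
#define FD_FS_EXEC      0x10    /* its filesystem is NOT mounted noexec */

/* Returns a bitmask of findings for fd, or -1 if fd cannot be inspected. */
int inspect_exec_fd(int fd)
{
    struct stat st;
    struct statvfs vfs;
    int mode, findings = 0;

    if ((mode = fcntl(fd, F_GETFL)) == -1 || fstat(fd, &st) == -1 ||
        fstatvfs(fd, &vfs) == -1)
        return -1;

    if ((mode & O_ACCMODE) != O_RDONLY)
        findings |= FD_NOT_RDONLY;
    if (!S_ISREG(st.st_mode))
        findings |= FD_NOT_REGULAR;
    if (st.st_mode & (S_ISUID | S_ISGID))
        findings |= FD_SETID;
    /* Mount flags come from the filesystem the fd lives on, which may
     * differ from every filesystem reachable by path inside the chroot. */
    if (!(vfs.f_flag & ST_NOSUID))
        findings |= FD_FS_SUID;
#ifdef ST_NOEXEC
    if (!(vfs.f_flag & ST_NOEXEC))
        findings |= FD_FS_EXEC;
#endif
    return findings;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/bin/sh";  /* sample input */
    int fd = open(path, O_RDONLY);
    int r = inspect_exec_fd(fd);

    printf("%s: findings=0x%02x\n", path, (unsigned)r);
    return r == -1;
}
```

A caller that wants the chroot's mount policy to hold would refuse to fexecve() any descriptor for which FD_SETID, FD_FS_SUID or FD_FS_EXEC is set.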