Re: [PATCH] fexecve

To: Julian Yon <julian%yon.org.uk@localhost>
Subject: Re: [PATCH] fexecve
From: David Holland <dholland-tech%netbsd.org@localhost>
Date: Fri, 16 Nov 2012 15:48:05 +0000

On Fri, Nov 16, 2012 at 12:35:46PM +0000, Julian Yon wrote:
 > > Meanwhile, if you can own the other end to the point where you can
 > > open an executable file containing code you supplied and pass it down
 > > an existing socket connection, you've already done arbitrary code
 > > execution. If the other end is a W^X chroot, that's not supposed to be
 > > possible; if the other end isn't chrooted you've probably already won.
 > 
 > The spec only requires that the file only needs to be open for reading.
 > The calling process needs to have permission to execute the file, but
 > in Thor's scenario the process that opens the FD doesn't.

That is clearly broken, then.

-- 
David A. Holland
dholland%netbsd.org@localhost

References:
- [PATCH] fexecve
  - From: Emmanuel Dreyfus
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: David Holland
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: Mouse
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: David Holland
- Re: [PATCH] fexecve
  - From: Julian Yon

Prev by Date: Re: [PATCH] fexecve
Next by Date: Re: [PATCH] fexecve
Previous by Thread: Re: [PATCH] fexecve
Next by Thread: Re: [PATCH] fexecve
Indexes:

Home | Main Index | Thread Index | Old Index