tech-kern archive
Re: fexecve, round 2
On Sun, Nov 18, 2012 at 06:16:00PM +0000, David Holland wrote:
> > This appears to contradict either the description of O_EXEC in the
> > standard, or the standard's rationale for adding fexecve(). The
> > standard says O_EXEC causes the file to be open for execution "only".
> >
> > In other words, O_EXEC means you can't read nor write the file. Now
> > the rationale for fexecve() doesn't hold, since you cannot read from
> > the fd, then exec from it without a reopen.
> >
> > Further, requiring O_EXEC would seem to directly contravene the
> > standard's language about fexecve()'s behavior.
>
> The standard is clearly wrong on a number of points and doesn't match
> the historical design and behavior of Unix. Let's either implement
> something correct, or not implement it at all.
Also it seems that the specification of O_SEARCH (and I think the
implementation we just got, too) is flawed in the same way - it is
performing access checks at use time instead of at open time.
(Also the implementation we just got seems to be missing any access
check at open time -- this seems entirely wrong.)
--
David A. Holland
dholland%netbsd.org@localhost
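
The distinction the message draws between checking access at open time and at use time, shown with ordinary read access rather than O_EXEC or O_SEARCH. This is an added example, not part of the original message or of NetBSD's code; the scratch path and the otc_* names are hypothetical.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical result record for this experiment. */
struct otc_result {
    int read_after_chmod_ok;  /* 1 if the already-open fd could still read */
    int reopen_denied;        /* 1 if a fresh open() was refused */
};

/* Open a scratch file, revoke every permission bit, then compare the old
 * descriptor (checked when it was opened) with a fresh open() (checked now). */
int otc_run(struct otc_result *res)
{
    char path[] = "/tmp/otc-XXXXXX";        /* constructed scratch path */
    static const char msg[] = "payload";    /* constructed sample content */
    char buf[sizeof msg] = {0};
    size_t len = sizeof msg - 1;
    int wfd, rfd, fd2, rc = -1;

    wfd = mkstemp(path);                    /* created with mode 0600 */
    if (wfd < 0)
        return -1;
    rfd = open(path, O_RDONLY);             /* read access is checked here */
    if (rfd >= 0 && write(wfd, msg, len) == (ssize_t)len && fchmod(wfd, 0) == 0) {
        /* Use time: mode is 000, but the descriptor opened earlier still reads. */
        res->read_after_chmod_ok =
            read(rfd, buf, len) == (ssize_t)len && memcmp(buf, msg, len) == 0;
        /* A fresh open() is checked against the current mode (root bypasses it). */
        fd2 = open(path, O_RDONLY);
        res->reopen_denied = fd2 < 0;
        if (fd2 >= 0)
            close(fd2);
        rc = 0;
    }
    if (rfd >= 0)
        close(rfd);
    close(wfd);
    unlink(path);
    return rc;
}

int main(void)
{
    struct otc_result r = {0, 0};
    if (otc_run(&r) != 0)
        return 1;
    printf("read via old fd: %d, reopen denied: %d\n", r.read_after_chmod_ok, r.reopen_denied);
    return 0;
}
```

When run as root the second open() succeeds, because the superuser bypasses the mode bits.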