tech-kern archive


Re: fexecve, round 3



On Sat, Nov 24, 2012 at 06:53:16PM +0100, Emmanuel Dreyfus wrote:
> Let's try to move forward, and I will start with a sum-up of what I
> understand from the standard. It would be nice if we could at least
> reach consensus on standard interpretation.

I think your interpretation of the standard is correct.  The
particularly problematic part is:

> O_EXEC is mutually exclusive with O_RDONLY, O_WRONLY, or O_RDWR

This -- along with the basic shift from checking permissions when a handle
to an object is obtained to checking them when it's used -- is exemplary of
the poor design that seems to have gone into this set of "features".

> Does everyone agree on this interpretation? If we do, next steps are
> - describe threats this introduces to chrooted processes
> - decide if they are acceptable and if they are not, propose mitigation.

I think you left out part of the solution space:

 - simply don't include this poorly-designed functionality in NetBSD.

Thor
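The point Thor raises, that fexecve moves the permission check from the moment a handle is obtained to the moment it is used, can be observed directly with a short program. The following is an added example, not code from this thread or from NetBSD: it creates an empty file without an execute bit, opens it once for reading (Linux has no O_EXEC, so O_RDONLY is used; the file name, the 100 + errno exit encoding and the helper names are this example's own choices), and then calls fexecve(2) on that single descriptor twice, before and after chmod. The first attempt is refused with EACCES; after the mode changes, the very same descriptor passes the permission check and fails later, with ENOEXEC, because the file is empty. Nothing about the descriptor changed between the two calls; only the file's current mode decided the outcome.

```c
/* Added example (not from the mailing-list thread): observe that
 * fexecve(2) evaluates execute permission when the descriptor is used,
 * not when it was obtained. Linux/glibc; assumes a writable,
 * exec-permitted current directory. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Fork and call fexecve on fd in the child. Returns the exec'd program's
 * exit status on success, 100 + errno when fexecve itself failed
 * (encoding chosen for this example), or -1 if fork/wait failed. */
static int try_fexecve(int fd, char *const argv[])
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        fexecve(fd, argv, environ);
        /* Only reached when exec failed; hand errno back to the parent. */
        _exit((errno > 0 && errno < 156) ? 100 + errno : 255);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

/* Create an empty file with mode 0600, open it ONCE, then exec through that
 * same descriptor before and after chmod 0755. The errno seen by each
 * fexecve call is returned through the out-parameters (0 if exec did not
 * fail). Returns 0 on success, -1 on a setup error. */
int demo_check_at_use(int *err_before, int *err_after)
{
    char path[] = "./fexecve-demo-XXXXXX";   /* constructed temp name */
    int tmp = mkstemp(path);                 /* mode 0600: no execute bit */
    if (tmp < 0)
        return -1;
    close(tmp);

    /* The handle is obtained here, while the file is not executable. */
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0) {
        unlink(path);
        return -1;
    }

    char *argv[] = { path, NULL };
    int r1 = try_fexecve(fd, argv);
    *err_before = (r1 >= 100) ? r1 - 100 : 0;   /* expect EACCES */

    /* The file's mode changes; the descriptor is untouched. */
    if (chmod(path, 0755) < 0) {
        close(fd);
        unlink(path);
        return -1;
    }

    int r2 = try_fexecve(fd, argv);
    *err_after = (r2 >= 100) ? r2 - 100 : 0;    /* expect ENOEXEC */

    close(fd);
    unlink(path);
    return 0;
}

int main(void)
{
    int before = 0, after = 0;
    if (demo_check_at_use(&before, &after) != 0) {
        perror("setup");
        return 1;
    }
    printf("before chmod: fexecve failed with %s\n", strerror(before));
    printf("after chmod:  fexecve failed with %s\n", strerror(after));
    return 0;
}
```

The example deliberately opens the file with O_RDONLY rather than O_EXEC: a system that implements O_EXEC may also check execute permission when the descriptor is opened, and the thread's disagreement is precisely about where that check belongs. What the run shows is the use-time side of the question: whatever was true about the file when the handle was handed out, the kernel decides at fexecve time based on the file's mode at that moment.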

