tech-kern archive
core statement on fexecve, O_EXEC, and O_SEARCH
The NetBSD core group has considered adding the
fexecve(2) or fexecve(3) syscall or function, and adding
new O_EXEC and O_SEARCH open(2) flags.

These new features may be useful, but their security properties
are not well understood. The core group is of the opinion that
these new features should not be added to NetBSD until there is
a design that discusses their security properties, the way they
interact with each other and existing features, and addresses the
security concerns.

Designs that are slightly incompatible with other operating
systems or with POSIX need not be ruled out; for example, it may
be reasonable to make fexecve() fail if the fd was not opened with
certain flags, or to automatically clear certain flags when the fd
is passed from one process to another.

The fexecve function could be implemented entirely in libc,
via execve(2) on a file name of the form "/proc/self/fd/<N>".
Any security concerns around fexecve() also apply to exec of
/proc/self/fd/<N>.

If necessary, the open(2) syscall could be versioned so that
O_RDONLY is no longer defined as zero.
--
Alan Barrett, on behalf of core
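
An added sketch, not part of the original message and not NetBSD code, of the libc-only approach the statement describes: execve(2) on "/proc/self/fd/<N>", preceded by a check of the descriptor's open flags. The function names and the read-only policy are assumptions made for illustration; the statement does not say which flags a real design would require.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Build "/proc/self/fd/<N>"; returns 0, or -1 with errno set. */
int fd_exec_path(int fd, char *buf, size_t len)
{
    if (fd < 0) { errno = EBADF; return -1; }
    int n = snprintf(buf, len, "/proc/self/fd/%d", fd);
    if (n < 0 || (size_t)n >= len) { errno = ENAMETOOLONG; return -1; }
    return 0;
}

/* Assumed policy (not from the statement): only descriptors whose access
 * mode is O_RDONLY may be executed; writable ones fail with EACCES. */
int fd_exec_allowed(int fd)
{
    int fl = fcntl(fd, F_GETFL);
    if (fl == -1) return -1;          /* closed or invalid fd: EBADF */
    if ((fl & O_ACCMODE) != O_RDONLY) { errno = EACCES; return -1; }
    return 0;
}

/* Hypothetical libc-only fexecve(); returns only on failure. */
int fexecve_procfs(int fd, char *const argv[], char *const envp[])
{
    char path[32];
    if (fd_exec_allowed(fd) == -1 ||
        fd_exec_path(fd, path, sizeof path) == -1)
        return -1;
    return execve(path, argv, envp);
}

int main(int argc, char *argv[])
{
    extern char **environ;
    if (argc < 2) return 2;           /* usage: prog /path/to/binary [args] */
    int fd = open(argv[1], O_RDONLY);
    if (fd == -1) { perror("open"); return 1; }
    fexecve_procfs(fd, argv + 1, environ);
    perror("fexecve_procfs");         /* reached only if the exec failed */
    return 1;
}
```

Because the flag check runs in user space, a caller that passes the same path straight to execve(2) skips it, which is why the statement treats exec of /proc/self/fd/<N> as carrying the same concerns as fexecve().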