Re: fexecve, round 3

To: tech-kern%netbsd.org@localhost
Subject: Re: fexecve, round 3
From: David Young <dyoung%pobox.com@localhost>
Date: Mon, 26 Nov 2012 11:45:46 -0600

On Mon, Nov 26, 2012 at 10:18:42AM +0100, Martin Husemann wrote:
> Does anyone know of a setup that uses a process outside of a chroot doing
> descriptor passing to a chrooted process?

Yes.  I can point to the same example as Thor has described, but I think
that it is easy to cook up numerous useful examples.

> I wonder if we should disallow that completely (i.e. fail the anxiliary
> data send if sender and recipient have different p_cwdi->cwdi_rdir)?

This idea of failing the ancillary data transmission seems unnecessarily
inflexible to me.  I think that if process A has a "send descriptors"
privilege, and process B has a "receive descriptors" privilege, and
there is some communications channel from A to B, then A should be
able to send a descriptor to B regardless of the origin or properties
of that descriptor.  B's privileges may not be sufficient to use
certain "methods" of the descriptor---for example, to fexecve() the
descriptor---but I think that is ok, because B's entire purpose may be
to send the descriptor to a third process that can use the descriptor.

Dave

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981

References:
- Re: fexecve, round 3
  - From: David Laight
- Re: fexecve, round 3
  - From: Emmanuel Dreyfus
- Re: fexecve, round 3
  - From: Thor Lancelot Simon
- Re: fexecve, round 3
  - From: Emmanuel Dreyfus
- Re: fexecve, round 3
  - From: Martin Husemann

Prev by Date: Re: fexecve, round 3
Next by Date: Re: Aborted Command, ahd_timeout, panic: no dir
Previous by Thread: Re: fexecve, round 3
Next by Thread: Product recommendation at Washupito's Tiendita
Indexes:

Home | Main Index | Thread Index | Old Index