Fri, Aug 24, 2001 at 09:11:50, dillon (Matt Dillon) wrote about "Re: mmap MAP_INHERIT question.":
> :> MAP_INHERIT This is supposed to permit regions to be
> :> inherited across execve(2) system calls,
> :> but is currently broken.
> Yah, I agree. Even if we implemented it, it would be a massive security
> hole. A MAP_SHARED mmap() is easier.
This is not a bigger hole than passing uncontrolled file descriptors
to a sugid program (causing, e.g., getpwent() to return NULL without proper
error reporting), or too-low resource limits, causing a program with
bad coding style to fall into an unprovided-for state. This is not a bigger hole
than the whole fork/exec concept, which ideologically allows uncontrolled
state & environment features to affect the new process and its descendants
in unpredictable ways. As another example, let's consider an ITIMER_REAL
timer sent to a sugid program which doesn't use timers, with an unmasked signal,
causing the victim to die when it is not allowed to (e.g. some base in
rebuilding). An inherited memory mapping will be a rather safe inhabitant
of this insanity.
/netch
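The message above names three kinds of state a sugid program inherits across execve(2) without asking for them: closed standard descriptors, lowered resource limits, and an armed ITIMER_REAL timer whose SIGALRM kills a process that never set it. The C program below is an added example, not code from this thread or from FreeBSD; it shows the defensive counterpart a privileged program can run before doing anything else: reopen any closed standard descriptor on /dev/null, disarm inherited interval timers, and raise the open-file soft limit to a sane minimum. The function names (sanitize_stdfds, cancel_inherited_timers, ensure_nofile_limit) and the minimum of 64 descriptors are my own choices for this example.

```c
/* Added example: start-up sanitising of state a sugid program inherits
 * across execve(2). Not code from the thread or from FreeBSD; function
 * names and the limit value are assumptions made for this example. */
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <sys/resource.h>
#include <sys/time.h>
#include <unistd.h>

/* Return 1 if fd refers to an open descriptor, 0 otherwise. */
int fd_is_open(int fd)
{
    return fcntl(fd, F_GETFD) != -1;
}

/* Make sure descriptors 0, 1 and 2 are open.  If the caller closed one of
 * them before exec, our first open() (of a password file, say) would land
 * on stdin/stdout/stderr.  Each missing one is pointed at /dev/null.
 * Returns how many were reopened, or -1 on failure. */
int sanitize_stdfds(void)
{
    int fd, nfd, fixed = 0;

    for (fd = 0; fd <= 2; fd++) {
        if (fd_is_open(fd))
            continue;
        nfd = open("/dev/null", O_RDWR);
        if (nfd < 0)
            return -1;
        /* open() returns the lowest free descriptor, so nfd == fd here;
         * dup2() covers the case where something lower was free. */
        if (nfd != fd) {
            if (dup2(nfd, fd) < 0) {
                close(nfd);
                return -1;
            }
            close(nfd);
        }
        fixed++;
    }
    return fixed;
}

/* Disarm the three interval timers.  An ITIMER_REAL left armed by the
 * parent delivers SIGALRM, whose default action terminates the process.
 * Returns the number of timers that were found armed, or -1 on error. */
int cancel_inherited_timers(void)
{
    static const int which[] = { ITIMER_REAL, ITIMER_VIRTUAL, ITIMER_PROF };
    struct itimerval zero = { { 0, 0 }, { 0, 0 } };
    struct itimerval old;
    int i, armed = 0;

    for (i = 0; i < 3; i++) {
        if (setitimer(which[i], &zero, &old) < 0)
            return -1;
        if (old.it_value.tv_sec != 0 || old.it_value.tv_usec != 0)
            armed++;
    }
    return armed;
}

/* Raise the soft RLIMIT_NOFILE to at least `want`, capped by the hard
 * limit.  Returns the resulting soft limit (LONG_MAX for "unlimited"),
 * or -1 on error. */
long ensure_nofile_limit(rlim_t want)
{
    struct rlimit rl;

    if (getrlimit(RLIMIT_NOFILE, &rl) < 0)
        return -1;
    if (rl.rlim_cur == RLIM_INFINITY)
        return LONG_MAX;
    if (rl.rlim_cur >= want)
        return (long)rl.rlim_cur;
    rl.rlim_cur = want;
    if (rl.rlim_max != RLIM_INFINITY && rl.rlim_cur > rl.rlim_max)
        rl.rlim_cur = rl.rlim_max;   /* cannot exceed the hard limit */
    if (setrlimit(RLIMIT_NOFILE, &rl) < 0)
        return -1;
    return (long)rl.rlim_cur;
}

int main(void)
{
    int fds = sanitize_stdfds();
    int timers = cancel_inherited_timers();
    long nofile = ensure_nofile_limit(64);

    if (fds < 0 || timers < 0 || nofile < 0) {
        perror("sanitising inherited state");
        return 1;
    }
    printf("reopened %d std descriptors, disarmed %d timers, "
           "open-file soft limit now %ld\n", fds, timers, nofile);
    return 0;
}
```

Run it as the first thing in main() of a privileged program, before any open() or library call that might open files. Disarming the timer does not cancel a SIGALRM that is already pending at exec time, so a program that wants to be fully safe also installs its own disposition for SIGALRM before relying on the default.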
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-hackers" in the body of the message