On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
> Hi
>
> Here is a patch that implements fexecve(2) for review:
> http://ftp.espci.fr/shadow/manu/fexecve.patch
This strikes me as profoundly dangerous. Among other things, it means you can't allow any program running in a chroot to receive unix-domain messages any more, since they might get passed a file descriptor to code they should not be able to execute.

If there is not some explanation I am missing for why this doesn't basically blow up chroot's security in the very common case where chroot is used to build a W^X environment, I am strongly opposed to ever including this system call in NetBSD.

I'm sure the Linux crowd don't care, since they deliberately and proudly punted on actually being able to contain any misbehaving process within a chroot long ago. But that's not us.

Thor
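The hazard Thor describes is that a descriptor can ride along with an ordinary unix-domain message via SCM_RIGHTS, so a chrooted receiver ends up holding an open file it could never have reached by path. The following is an added example, not code from the thread or from the fexecve patch, showing the defensive counterpart on the receiving side: a receiver that did not ask for descriptors reaps and closes any that arrive, recording their (device, inode) so the event can be logged. The helper names (recv_dropping_fds, demo) and the socketpair round trip are constructed for this illustration; it needs Python 3.9+ on a Unix host for socket.send_fds/recv_fds.

```python
"""Constructed example (not from the original thread or the fexecve patch):
a unix-domain receiver that refuses to keep descriptors it never asked for."""
import os
import socket
import tempfile


def recv_dropping_fds(sock, bufsize=4096, maxfds=16):
    """Receive one message and close every SCM_RIGHTS descriptor attached to it.

    Returns (data, dropped), where dropped is a list of (fd, st_dev, st_ino)
    for each descriptor that was closed, so the caller can log what a peer
    tried to hand over. maxfds bounds how many descriptors the kernel will
    deliver in one call; anything beyond it is discarded by the kernel.
    """
    data, fds, _flags, _addr = socket.recv_fds(sock, bufsize, maxfds)
    dropped = []
    for fd in fds:
        try:
            st = os.fstat(fd)
            dropped.append((fd, st.st_dev, st.st_ino))
        finally:
            # Close unconditionally: the receiver never exec()s, reads or
            # writes a descriptor it did not open itself.
            os.close(fd)
    return data, dropped


def demo():
    """Constructed round trip: a sender attaches a descriptor to a message,
    the receiver keeps the payload and drops the descriptor.

    Returns (payload, number_of_dropped_fds, all_dropped_fds_closed).
    """
    sender, receiver = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        with tempfile.NamedTemporaryFile() as tmp:
            # The sender's descriptor refers to a file the receiver would
            # not be able to open by name if it were chrooted elsewhere.
            socket.send_fds(sender, [b"hello"], [tmp.fileno()])
            data, dropped = recv_dropping_fds(receiver)
    finally:
        sender.close()
        receiver.close()

    # Verify the received copies really are closed in this process.
    all_closed = True
    for fd, _dev, _ino in dropped:
        try:
            os.fstat(fd)
            all_closed = False
        except OSError:
            pass
    return data, len(dropped), all_closed


if __name__ == "__main__":
    print(demo())  # (b'hello', 1, True)
```

A daemon that legitimately expects descriptors would instead check each one before use, for example by comparing its (st_dev, st_ino) against the files it is prepared to accept; the point of this variant is that a receiver with no such expectation should close them immediately rather than leave an out-of-chroot file open in its table.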