Date: Thu, 15 Nov 2012 11:03:15 -0500
From: Thor Lancelot Simon <t...@panix.com>

On Thu, Nov 15, 2012 at 11:12:09AM +0000, Emmanuel Dreyfus wrote:
> Hi
>
> Here is a patch that implements fexecve(2) for review:
> http://ftp.espci.fr/shadow/manu/fexecve.patch

This strikes me as profoundly dangerous. Among other things, it means you can't allow any program running in a chroot to receive unix-domain messages any more since they might get passed a file descriptor to code they should not be able to execute.

Is this an issue only for executables that are setuid/setgid? What does FreeBSD do for fexecve in jails, or in Capsicum?