On Thu, Apr 03, 2008 at 08:45:53PM -0700, Bart Smaalders wrote: > John Zolnowsky x69422/408-404-5064 wrote: > > >The general nature of mmapfd() mapping represents a possible solution > >to a concern being discussed in 2008/195. The issue is that > >interpreters other than rtld often have the equivalent of libraries, > >for example, perl's .pm and .pl or the shell "source" or "." commands. > >These extended forms of library are presently introduced into the > >process "execution" using general interfaces (open(), read()), > >precluding any reliable triggering for validition of the object. As > >much as mmapfd() provides a generalized mechanism for accessing these > >forms of libraries, it would serve as a enabler for validated > >execution. > > cat /etc/file | sh ??? > > It seems to be that validated execution is somewhat missing the point > by focusing on "execution".
Darren M. noticed this a while back and commented on this on the valex-discuss list, with no resolution. This week there's a more active discussion of the issue on that list. > I'll take my comments to 2008/195 when I get a chance.. Perhaps it's time to take the valex-discuss thread onto the 2008/195 case. With 2008/195 a full case I thought it'd be better to discuss the matter in the project list and then bring issues to the meeting. Nico --
