On Nov 17, 2012, at 2:48 AM, Emmanuel Dreyfus wrote:
> Here is an attempt to address what was said about implementing fexecve()
>
> fexecve() checks that the vnode underlying the fd :
> - is of type VREG
> - grants execution right
>
> O_EXEC cause open()/openat() to fail if the file mode does not grant
> execute rights

Also marks the executable with vn_marktext. Fails if opened with any of O_CREATE, O_WRONLY, O_RDWR

> There are security concerns with fd passed to chrooted processes, which
> could help executing code. Here is a proposal for chrooted processes:
> 1) if current process and executed vnode have different roots, then
> fexecve() fails
> 2) if the fd was not open with O_EXEC, fexecve() fails.

1) seems overkill.
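A userland approximation of the descriptor checks discussed in the message above (regular file, execute permission, not opened for writing), added here as an example; it is not code from the thread or from the NetBSD kernel. The names `fd_exec_precheck` and `precheck_sample`, the `EACCES` return value, and the "any execute bit" test are assumptions, and the O_EXEC, vn_marktext and chroot parts are not modelled.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 0 if fd passes the checks, otherwise an errno value.
 * EACCES for policy failures is an assumption; the thread names no errno. */
int fd_exec_precheck(int fd)
{
    struct stat st;
    int fl;

    if (fstat(fd, &st) == -1)
        return errno;                  /* e.g. EBADF for an invalid fd */
    if (!S_ISREG(st.st_mode))
        return EACCES;                 /* userland view of "type VREG" */
    if ((st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0)
        return EACCES;                 /* simplification: any execute bit */
    if ((fl = fcntl(fd, F_GETFL)) == -1)
        return errno;
    if ((fl & O_ACCMODE) != O_RDONLY)
        return EACCES;                 /* opened O_WRONLY or O_RDWR */
    return 0;
}

/* Constructed sample: temp file with the given mode, reopened with oflags. */
int precheck_sample(mode_t mode, int oflags)
{
    char path[] = "/tmp/fexecve_demo_XXXXXX";
    int fd = mkstemp(path), rc;

    if (fd == -1)
        return -1;
    fchmod(fd, mode);
    close(fd);
    fd = open(path, oflags);
    rc = (fd == -1) ? errno : fd_exec_precheck(fd);
    if (fd != -1)
        close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    return precheck_sample(0755, O_RDONLY);
}
```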