In article <[email protected]>,
Thor Lancelot Simon <[email protected]> wrote:
>On Sun, Sep 08, 2019 at 01:23:46PM -0400, Christos Zoulas wrote:
>>
>> Here's a simple fexecve(2) implementation. Comments?
>
>I think this is dangerous in systems which use chroot into filesystems
>mounted noexec (or nosuid) and file-descriptor passing into the constrained
>environment to feed data. Now new executables (and even setuid ones) can
>be fed in, too.
>
>What can we do about that?

- We can completely disallow fexecve in chrooted environments.
or
- We can check the permissions of the mountpoint of the current working
  directory in addition to checking the mountpoint of the executable's vnode.

christos
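
The second option above, modelled in userland C as an added example (it is not code from this thread or from the fexecve(2) patch). The function names are hypothetical, /bin/sh is a constructed sample input, and the real check would live in the kernel's exec path rather than in a process that could skip it.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE             /* glibc exposes ST_NOEXEC only with this */
#endif
#include <fcntl.h>
#include <stdbool.h>
#include <stdio.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC               /* fallback if a header was included before */
#define ST_NOEXEC 8             /* _GNU_SOURCE took effect; Linux value */
#endif

/* Execution is permitted only if neither the mount holding the executable
 * nor the mount holding the current working directory is noexec. */
bool exec_permitted(unsigned long exe_flags, unsigned long cwd_flags)
{
    return ((exe_flags | cwd_flags) & ST_NOEXEC) == 0;
}

/* Set-id bits are honoured only if neither mount is nosuid. */
bool setid_honoured(unsigned long exe_flags, unsigned long cwd_flags)
{
    return ((exe_flags | cwd_flags) & ST_NOSUID) == 0;
}

/* Apply the noexec check to a descriptor (for instance one received over a
 * socket). Returns 1 if permitted, 0 if denied, -1 if flags can't be read. */
int fd_exec_permitted(int fd)
{
    struct statvfs exe, cwd;

    if (fstatvfs(fd, &exe) == -1 || statvfs(".", &cwd) == -1)
        return -1;
    return exec_permitted(exe.f_flag, cwd.f_flag) ? 1 : 0;
}

int main(void)
{
    int fd = open("/bin/sh", O_RDONLY);   /* constructed sample input */

    if (fd == -1)
        return 1;
    printf("fexecve of /bin/sh from this cwd: %d\n", fd_exec_permitted(fd));
    close(fd);
    return 0;
}
```

The case raised in the quoted objection is the one where the executable's own mount is clean but the working directory's mount is noexec or nosuid: checking only the executable's vnode would let it through, while the combined check denies it.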
