1. Looks like FreeBSD (and my initial posting) leaves the file descriptor of the executable open in the process's image. The Linux man page says to set close-on-exec if you don't want it to be passed to the child process. Which behavior do you prefer? To have fexecve close the fd automatically or to leave it up to the caller? It seems less magical to leave it to the caller, but it also requires action from the caller.
2. I am setting the path of the executable to "/" and p_comm to "*fexecve*". I could also do a reverse lookup and set them to the path of the binary I found, and default to "/" and "*fexecve*" if that's not found. I know people don't like those reverse lookups because of the vnode cache issues...
3. Are there any security requirements you want me to implement before I commit this? There were some concerns about chroot issues and fd passing, but my understanding is that Taylor mentioned that those are already present.

Best,
christos
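Added example, not part of the original message or of any project's code: a C check of the trade-off in question 1, showing whether the descriptor handed to fexecve is still open in the new image with and without the caller setting close-on-exec. It assumes /bin/sh is a native binary rather than a script; `fd_survives_fexecve` and `PROBE_FD` are names made up for this example.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* declares fexecve() on glibc */
#endif
#include <fcntl.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#define PROBE_FD 7  /* arbitrary slot picked for this example */

/* fexecve() /bin/sh from PROBE_FD and let the new image test whether that
 * descriptor is still open: 1 = leaked, 0 = closed, -1 = error. */
int fd_survives_fexecve(int set_cloexec)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        /* "( : <&7 )" exits 0 only if fd 7 (PROBE_FD) is open in the shell. */
        char *const argv[] = { "sh", "-c", "( : <&7 ) 2>/dev/null", NULL };
        char *const envp[] = { NULL };
        int fd = open("/bin/sh", O_RDONLY);

        if (fd < 0 || dup2(fd, PROBE_FD) < 0)
            _exit(127);
        if (fd != PROBE_FD)
            close(fd);
        /* The caller-side opt-in the Linux man page describes. */
        if (set_cloexec && fcntl(PROBE_FD, F_SETFD, FD_CLOEXEC) < 0)
            _exit(127);
        fexecve(PROBE_FD, argv, envp);
        _exit(127);  /* reached only if fexecve() failed */
    }

    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)
        || WEXITSTATUS(status) == 127)
        return -1;
    return WEXITSTATUS(status) == 0;
}

int main(void)
{
    printf("fd left open by caller: leaked=%d\n", fd_survives_fexecve(0));
    printf("FD_CLOEXEC set first:   leaked=%d\n", fd_survives_fexecve(1));
    return 0;
}
```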
