On Sat, Oct 03, 2015 at 09:52:13PM +0200, Mike Burns wrote:
> On 2015-10-03 09.53.54 -0600, Theo de Raadt wrote:
> >
> > I don't know why you added "proc". I don't see a need for it. Do
> > you have a separate test case that prompts this?
>
> Yes, here is a simple test for it:
>
> $ echo "!echo ECHO" | dc
> Killed
> $ echo "!echo ECHO" > t ; dc t
> Killed
> $ echo $?
> 137
>
> This is because of the system(3) call in bcode.c, the bexec function.
>
Just a remark about the "proc" request. It won't allow calling exec(2), but
only fork(2) (and some others, see the man page for details).
exec(2) is really special for a tamed program: allowing it could
defeat the purpose of tame.
In the hypothetical case of exec(2) with tame(2):
- if an exec'ed program starts with TAME flags cleared: it could do
what it wants. So even if your process is tamed, it could potentially
permit all things. It is bad.
- if an exec'ed program starts with inherited TAME flags: the
initialisation of the program would be difficult as it would be
already tamed.
--
Sebastien Marie