-----BEGIN PGP SIGNED MESSAGE-----
>>>>> "Jeff" == Jeff Dike <jdike@...> writes:
Jeff> steve_schmidtke@... said:
>> >Why doesn't linux have an fexecve() ? Well, one possibility: If you
>> can suck in a binary through an fd, so can a cracker.
Jeff> Actually, fexecve is a serious proposal. The main advantage is
Jeff> race condition avoidance. Right now, if you're going to
And, everyone else (*BSD, Solaris, etc.) want it for the same reason.
Getting it with the right semantics is a problem.
For instance, if a program is -r+x for you, you can't open it to fexecve()
it! What about if it has #!... at the front? what about if to lseek()
on it first. can you ever do this on a socket?
In addition, you may have to pass a series of other FDs for the shared
libraries that are needed.
Still, being able to receive a FD via Unix-domain socket, and then exec
that is very cool.
] ON HUMILITY: to err is human. To moo, bovine. | firewalls [
] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[
] mcr@... http://www.sandelman.ottawa.on.ca/ |device driver[
] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
Comment: Finger me for keys
-----END PGP SIGNATURE-----