[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: exec and EXECSERVERS

From: Thomas Bushnell, BSG
Subject: Re: exec and EXECSERVERS
Date: 19 Dec 2002 15:52:12 -0800
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

"Alfred M. Szmidt" <ams@kemisten.nu> writes:

>    > What was the reason for disabling EXECSERVERS in exec?  I think that
>    > it is quite an useful feature when debugging exec, or playing around
>    > with new features for it.
>    This[1] thread might interest you.
>    [1] http://mail.gnu.org/pipermail/bug-hurd/2000-May/001211.html
> Interesting.  Roland and/or Thomas, could you comment on the possible
> security risks, if any such existed with EXECSERVERS?

Well, a setuid exec itself should disable EXECSERVERS.  But the
environment variable might still get inherited, and seven layers of
fork/exec later, do something nasty.  So that means that setuid exec
should in fact clear EXECSERVERS in the passed environment.

That's a nasty wart, however, having the *exec server* go mucking
around with environment variables.  

reply via email to

[Prev in Thread] Current Thread [Next in Thread]