l4-hurd

Re: new exec server protocol


From: Niels Möller
Subject: Re: new exec server protocol
Date: 21 May 2003 09:14:57 +0200
User-agent: Gnus/5.09 (Gnus v5.9.0) Emacs/21.2

Marcus Brinkmann <address@hidden> writes:

> > I'd be happy to stop
> > pretending that this case works securely, by making executable,
> > non-readable, non-setuid files either readable or unexecutable, but
> > perhaps that breaks POSIX compliance?
> 
> Good question.

If we want to keep this questionable feature, and still have no
special help from the exec server or file system for the most
common case, then the user code at the start of exec could be
something like

  * open the file for O_READ | O_EXEC

  * if open failed, try opening it with O_EXEC, and invoke the file
    server's secure-exec call

  * fstat the file

  * if the file is setuid or setgid, invoke the file server's secure
    exec call

  * examine the interpreter field (both #! and ELF interpreters) of
    the file. If there is an interpreter, change the argument list and
    start over.

  * call the exec server/exec stub code, to replace the address space
    and do the rest of the work.

This treats executable but unreadable files as another kind of secure
exec, which makes some sense.

/Niels
