On Sat, May 11, 2019 at 7:37 PM Andy Lutomirski <l...@amacapital.net> wrote:
>
> I bet this will break something that already exists. An execveat() flag to
> turn off /proc/self/exe would do the trick, though.
Thinking more about it, I suspect it is (once again) wrong to let the
thing that does the execve() control that bit.
Generally, the less we allow people to affect the lifetime and
environment of a suid executable, the better off we are.
But maybe we could limit /proc/*/exe to at least not honor suid'ness
of the target? Or does chrome/runc depend on that too?
Linus
