On Thu, Nov 15, 2012 at 04:02:50PM -0500, Thor Lancelot Simon wrote:
> 
> > From the spec: "The purpose of the fexecve() function is to enable
> > executing a file which has been verified to be the intended file. It is
> > possible to actively check the file by reading from the file descriptor
> > and be sure that the file is not exchanged for another between the
> > reading and the execution." ...which seems a reasonable enough thing to
> > want to do.
> 
> Look at that rationale carefully and I think you will see the race condition
> that it does not eliminate.  Talk about a "solution looking for a problem"!

You could create a temporary file, unlink it, copy the executable
into the new file, verify the contents, and then exec the
unlinked temporary file.

Better add an open mode that hard disables writes (as used on many
systems for executables anyway), open the file with that mode ...

        David

-- 
David Laight: da...@l8s.co.uk
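The copy-unlink-verify-exec sequence sketched above, written out as an added example (it is not code from the thread or from any NetBSD source). It assumes a glibc or BSD libc that provides fexecve(), that the directory used for the private copy (/tmp here) is not mounted noexec, and it uses FNV-1a as a stand-in for a real digest so that it builds without libcrypto; a practitioner would swap in SHA-256 and compare against a pinned value. The point it demonstrates is that the descriptor that gets hashed is the same unlinked descriptor that gets executed, so there is no path left for anyone to replace or rewrite between the check and the exec. What it does not cover: the interpreter or shared libraries the program loads afterwards, and any same-uid process that can reach the descriptor through ptrace or /proc.

```c
/* Added example: copy a program into an unlinked temp file, verify that copy
 * through its descriptor, then fexecve() the very same descriptor. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

extern char **environ;

/* Stand-in digest (FNV-1a 64, not collision resistant); use SHA-256 in practice. */
#define FNV1A64_INIT 0xcbf29ce484222325ULL

uint64_t fnv1a64_update(uint64_t h, const void *p, size_t n)
{
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++) {
        h ^= b[i];
        h *= 0x100000001b3ULL;
    }
    return h;
}

uint64_t fnv1a64_buf(const void *p, size_t n)
{
    return fnv1a64_update(FNV1A64_INIT, p, n);
}

/* Hash the whole file behind fd, reading through the descriptor itself. */
int fnv1a64_fd(int fd, uint64_t *out)
{
    unsigned char buf[8192];
    uint64_t h = FNV1A64_INIT;
    if (lseek(fd, 0, SEEK_SET) == -1) return -1;
    for (;;) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n == -1) { if (errno == EINTR) continue; return -1; }
        if (n == 0) break;
        h = fnv1a64_update(h, buf, (size_t)n);
    }
    *out = h;
    return 0;
}

/* Create an unlinked temp file under dir (assumed not mounted noexec), copy
 * path into it, make it executable and return the private descriptor. */
int copy_to_private_fd(const char *path, const char *dir)
{
    char tmpl[4096];
    unsigned char buf[8192];
    int src = open(path, O_RDONLY | O_CLOEXEC);
    if (src == -1) return -1;
    if (snprintf(tmpl, sizeof tmpl, "%s/fexecve.XXXXXX", dir) >= (int)sizeof tmpl) {
        close(src); errno = ENAMETOOLONG; return -1;
    }
    int dst = mkstemp(tmpl);
    if (dst == -1) { close(src); return -1; }
    unlink(tmpl);   /* no path any more: nothing can open, rewrite or swap it */
    for (;;) {
        ssize_t n = read(src, buf, sizeof buf);
        if (n == -1) { if (errno == EINTR) continue; goto fail; }
        if (n == 0) break;
        for (ssize_t off = 0; off < n; ) {
            ssize_t w = write(dst, buf + off, (size_t)(n - off));
            if (w == -1) { if (errno == EINTR) continue; goto fail; }
            off += w;
        }
    }
    close(src);
    if (fchmod(dst, 0700) == -1) { close(dst); return -1; }
    return dst;
fail:
    { int e = errno; close(src); close(dst); errno = e; return -1; }
}

/* Verify the private copy against expected and exec it. Returns -1 (errno
 * EPERM on a content mismatch) on failure; on success it does not return. */
int exec_verified(const char *path, uint64_t expected,
                  char *const argv[], char *const envp[])
{
    int fd = copy_to_private_fd(path, "/tmp");
    if (fd == -1) return -1;
    uint64_t got;
    if (fnv1a64_fd(fd, &got) == -1 || got != expected) {
        close(fd);
        errno = EPERM;          /* the copy is not what we expected: refuse */
        return -1;
    }
    fexecve(fd, argv, envp);    /* the descriptor we hashed is the one executed */
    int e = errno; close(fd); errno = e;
    return -1;
}

int main(int argc, char **argv)
{
    if (argc == 3 && strcmp(argv[1], "-p") == 0) {   /* print a file's digest */
        int fd = open(argv[2], O_RDONLY); uint64_t h;
        if (fd == -1 || fnv1a64_fd(fd, &h) == -1) { perror(argv[2]); return 1; }
        printf("%016llx\n", (unsigned long long)h); return 0;
    }
    if (argc < 3) { fprintf(stderr, "usage: %s -p file | hexdigest prog [args]\n", argv[0]); return 2; }
    exec_verified(argv[2], strtoull(argv[1], NULL, 16), argv + 2, environ);
    perror("exec_verified");
    return 1;
}
```

Run it once with `-p /path/to/prog` to record the digest, then `./a.out <digest> /path/to/prog args...` to execute only a copy that still matches. Note that mkstemp() creates the file 0600, so the fchmod() to 0700 is needed before fexecve() will accept it, and that an unlinked file on a noexec filesystem still fails with EACCES.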
