On Sat, Nov 24, 2012 at 06:53:16PM +0100, Emmanuel Dreyfus wrote:
> Let's try to move forward, and I will start with a sum up of what I
> understand from the standard. It would be nice if we could at least
> reach consensus on standard interpretation.

I think your interpretation of the standard is correct. The particularly
problematic part is:

> O_EXEC is mutually exclusive with O_RDONLY, O_WRONLY, or O_RDWR

This -- along with the basic shift from checking permissions when a
handle to an object is obtained to checking them when it's used -- is
exemplary of the poor design that seems to have gone into this set of
"features".

> Does everyone agree on this interpretation? If we do, next steps are
> - describe threats this introduces to chrooted processes
> - decide if they are acceptable and if they are not, propose mitigation.

I think you left out part of the solution space:

- simply don't include this poorly-designed functionality in NetBSD.

Thor