David Laight <da...@l8s.co.uk> wrote: > Given a chrooted process would need a helping process outside the > chroot (to pass it the fd), why is allowing the chrooted proccess to > exec something any different from it arranging to get the helper > to do it?
Yes, I agree there is no security hazard introduced: if help from a process outside the chroot is assumed, there are already many ways to cirumvent chroot security. > FWIW IIRC the standard says that O_EXEC can't be applied with O_READONLY > (Or O_RDWR) but does it say that you can't read from a file opened O_EXEC ? I understand you could not, and this bit is annoying to implement. -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz m...@netbsd.org
