On Wed, Dec 05, 2012 at 08:39:55AM -0500, Thor Lancelot Simon wrote: > I also think we need to check, for all the fch*, fexec* syscalls: > > * permissions both retained from the file's open and at the time > of use
I don't think this is necessary, any more than it is for read and write permissions. > * whether the name in question still refers to the file in question I don't see the point of this. > * whether the name in question is within the process' current root > (forbidding fchdir and fchroot otherwise). Definitely. -- David A. Holland dholl...@netbsd.org