From: patl@asimov.volant.org
Date: Sat, 12 Oct 1996 12:17:13 -0700
Message-Id: <9610121917.AA02624@asimov.volant.org>
To: freebsd-security@freebsd.org
Subject: exec* ("/dev/fd/mumble", ...)
Reply-To: patl@Phoenix.volant.org
Sender: owner-security@freebsd.org

What happens if you pass "/dev/fd/" to execve(2) or any of the exec*
functions that are front-ends to it? In particular, does it properly
execute the binary on the open file; and if so, does the executed program
inherit an open fd on itself, or does it get closed by execve?

If it does work, and it closes the file, it would allow chrooted execution
of a binary without requiring the binary to be in the chroot file space.

If someone knowledgeable in this portion of the kernel can assure me that it
should work, I'll add an option to chroot(8) and/or chrootuid(8) to specify
that the command should be opened before the chroot(2) and passed as a
/dev/fd reference. (Unless, of course, someone can explain why this would
be a Bad Idea.)

-Pat

My opinions are my own. For a small royalty, they can be yours as well...

Pat Lashley, Senior Software Engineer, Henry Davis Consulting
patl@Phoenix.Volant.ORG || http://Phoenix.Volant.ORG/ || lashley@netcom.com
PGP Key Fingerprint: 2C 2A A9 8E 86 F1 AE 17 55 9D 49 31 5B 96 E7 92
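
The open-before-chroot idea from the message above, sketched with fexecve(3), an interface standardized after this 1996 post. This is an added example, not code from the message or from chroot(8)/chrootuid(8); `exec_preopened`, `run_demo` and the sample command are this example's own names and inputs.

```c
#define _DEFAULT_SOURCE 1   /* for chroot(2) and fexecve(3) on glibc */
#include <fcntl.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

extern char **environ;

/* Open `binary` in the current root, then (in a child) optionally enter
 * `newroot` and execute the already-open descriptor with fexecve(3).
 * Returns the child's exit status, or -1 on failure.
 * Function and parameter names are this example's own. */
int exec_preopened(const char *binary, const char *newroot, char *const argv[])
{
    /* O_CLOEXEC: the descriptor is closed by a successful exec, so the new
     * program does not inherit an open fd on its own image. */
    int fd = open(binary, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;

    pid_t pid = fork();
    if (pid < 0) {
        close(fd);
        return -1;
    }
    if (pid == 0) {
        /* chroot(2) needs root; chdir("/") so the cwd is inside the new root. */
        if (newroot && (chroot(newroot) != 0 || chdir("/") != 0))
            _exit(126);
        /* A real wrapper would drop privileges (setgid/setuid) here. */
        fexecve(fd, argv, environ);
        _exit(127);             /* only reached if the exec failed */
    }
    close(fd);

    int status;
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed demo: no chroot (newroot == NULL), so it runs unprivileged. */
int run_demo(void)
{
    char *const argv[] = { "sh", "-c", "exit 7", NULL };
    return exec_preopened("/bin/sh", NULL, argv);
}
```

With a non-NULL `newroot`, a dynamically linked binary still has its ELF interpreter and shared libraries looked up by path inside the new root, so the pre-opened binary should be statically linked or its runtime dependencies must exist in the chroot.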