LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Printable page
Weekly edition Kernel Security Distributions Contact Us Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ Sponsors

Toward a saner execve()

Toward a saner execve()

Posted Apr 1, 2010 22:32 UTC (Thu) by quotemstr (subscriber, #45331)
Parent article: Toward a saner execve()

execve_nosecurity()? That's a god-awful name for the function. It suggests the opposite of what it actually does. Only a kernel developer living in the linux-devel echo chamber could think that name makes a lick of sense.

Not that it will matter, because like most Linux-specific pieces of functionality, nobody will use it. It's masturbation by API. It won't actually improve security if nobody calls it. But kernel developers will have to cart around support for this abomination forever, and hell, there's always the risk of there actually being a vulnerability introduced in this seldom-used, lightly-tested code path.

(Log in to post comments)

Toward a saner execve()

Posted Apr 2, 2010 20:43 UTC (Fri) by nix (subscriber, #2304) [Link]

Quite so. execve_secure() would be a better name. 'nosecurity' only makes
sense if you think of it as 'do not use the security API', which is only
something a kernel hacker would even *know* about.

Toward a saner execve()

Posted Apr 2, 2010 23:29 UTC (Fri) by eparis123 (guest, #59739) [Link]

Yeah. Unfortunately most of new Linux kernel system call names SUCK.

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds