Toward a saner execve()
Posted Apr 1, 2010 22:32 UTC (Thu) by quotemstr
Parent article: Toward a saner execve()
execve_nosecurity()? That's a god-awful name for the function. It suggests the opposite of what it actually does. Only a kernel developer living in the linux-devel echo chamber could think that name makes a lick of sense.
Not that it will matter, because like most Linux-specific pieces of functionality, nobody will use it. It's masturbation by API. It won't actually improve security if nobody calls it. But kernel developers will have to cart around support for this abomination forever, and hell, there's always the risk of there actually being a vulnerability introduced in this seldom-used, lightly-tested code path.
to post comments)