User: Password:
|
|
Subscribe / Log in / New account

Toward a saner execve()

Toward a saner execve()

Posted Apr 1, 2010 22:32 UTC (Thu) by quotemstr (subscriber, #45331)
Parent article: Toward a saner execve()

execve_nosecurity()? That's a god-awful name for the function. It suggests the opposite of what it actually does. Only a kernel developer living in the linux-devel echo chamber could think that name makes a lick of sense.

Not that it will matter, because like most Linux-specific pieces of functionality, nobody will use it. It's masturbation by API. It won't actually improve security if nobody calls it. But kernel developers will have to cart around support for this abomination forever, and hell, there's always the risk of there actually being a vulnerability introduced in this seldom-used, lightly-tested code path.


(Log in to post comments)

Toward a saner execve()

Posted Apr 2, 2010 20:43 UTC (Fri) by nix (subscriber, #2304) [Link]

Quite so. execve_secure() would be a better name. 'nosecurity' only makes
sense if you think of it as 'do not use the security API', which is only
something a kernel hacker would even *know* about.

Toward a saner execve()

Posted Apr 2, 2010 23:29 UTC (Fri) by eparis123 (guest, #59739) [Link]

Yeah. Unfortunately most of new Linux kernel system call names SUCK.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds