On 2023/02/27 17:17, Theo de Raadt wrote:
> Stuart Henderson <s...@spacehopper.org> wrote:
>
> > This port is broken; doesn't work with our Perl version. 4.79 needs

Testing on 7.2 it seems this worked before the recent Perl update.

> > a patch to avoid segfaults because we don't have fexecve() and with
> > that fixed still doesn't work (same errors as 4.75).
>
> I've looked into fexecve() numerous times and I just cannot for the life
> of me see how to avoid it becoming a component of attack methodology.
>
> The people who invented must be completely unaware of the dangerous
> tooling this brings to the table.
>
> OpenBSD will never have it.

Surely they must be aware... In particular in an OS with memfd_create
it seems particularly potent.

As far as this port (p5-IO-AIO) goes, it provides async wrappers
for a whole bunch of functions/syscalls. In terms of this, fexecve
is just one of dozens it's wrapping, they just didn't check that the
function is really available, just assume based on _POSIX_VERSION.