| /linux/Documentation/translations/zh_CN/userspace-api/ |
| H A D | no_new_privs.rst | 14 execve系统调用可以给一个新启动的程序授予它的父程序本没有的权限。最明显的两个
26 用的机制来保证一个进程安全地修改其执行环境并跨execve持久化。任何任务都可以设
27 置 ``no_new_privs`` 。一旦该位被设置,它会在fork、clone和execve中继承下去
28 ,并且不能被撤销。在 ``no_new_privs`` 被设置的情况下, ``execve()`` 将保证
29 不会授予权限去做任何没有execve调用就不能做的事情。比如, setuid 和 setgid
31 LSM)不会在execve调用后放松限制。
41 请注意, ``no_new_privs`` 并不能阻止不涉及 ``execve()`` 的权限变化。一个拥有
46 - 为seccomp模式2沙箱安装的过滤器会跨execve持久化,并能够改变新执行程序的行为。
|
| H A D | seccomp_filter.rst | 60 如果 ``fork`` / ``clone`` 和 ``execve`` 被 @prog 所允许,任何子进程都将
|
| /linux/tools/testing/selftests/exec/ |
| H A D | null-argv.c | 71 FORK(execve(argv[0], str, NULL)); in main()
72 FORK(execve(argv[0], NULL, NULL)); in main()
73 FORK(execve(argv[0], NULL, envp)); in main()
74 FORK(execve(argv[0], args, NULL)); in main()
75 FORK(execve(argv[0], args, envp)); in main()
|
| H A D | recursion-depth.c | 62 rv = execve(FILENAME, NULL, NULL); in main()
|
| /linux/Documentation/userspace-api/ |
| H A D | no_new_privs.rst | 5 The execve system call can grant a newly-started program privileges that
23 execution environment in a manner that persists across execve. Any task
25 clone, and execve and cannot be unset. With ``no_new_privs`` set, ``execve()``
27 been done without the execve call. For example, the setuid and setgid
30 execve.
42 involve ``execve()``. An appropriately privileged task can still call
48 execve and can change the behavior of newly-executed programs.
|
| H A D | spec_ctrl.rst | 44 cleared on :manpage:`execve(2)`.
|
| /linux/Documentation/arch/riscv/ |
| H A D | vector.rst | 34 enablement status on execve(). The system-wide default setting can be
50 at next execve(). bit[4] defines the inheritance mode of the setting in
62 Vector enablement setting for the calling thread at the next execve()
65 enablement status when execve() happen.
69 is set then the following execve() will not clear the setting in both
83 PR_RISCV_V_VSTATE_CTRL_NEXT_MASK happens at the next execve() call, or
84 all following execve() calls if PR_RISCV_V_VSTATE_CTRL_INHERIT bit is
92 next execve() call and the inheritance bit are all OR-ed together.
121 At every execve() call, a new enablement status of the new process is set to
132 status of any existing process of thread that do not make an execve() call.
|
| /linux/Documentation/translations/zh_CN/security/ |
| H A D | credentials.rst | 146 可继承能力是那些可以通过 ``execve()`` 传递的能力。
148 边界集限制了通过 ``execve()`` 继承的能力,特别是在以UID 0执行二进制文件时。
152 它们用于控制上述凭据在特定操作如execve()中的操作和继承方式。它们并不直接
206 在execve()的情况下,特权提升位起作用,并且可能允许由可执行文件的注释决定的
380 状态,因为ptrace状态可能会改变结果,特别是在 ``execve()`` 的情况下。
|
| H A D | ipe.rst | 326 ``execve`` 和 ``uselib`` 这些系统调用必须有规则进行保护,
|
| /linux/Documentation/arch/arm64/ |
| H A D | sme.rst | 102 exceptions for execve() described in section 6.
182 Inherit the current vector length across execve(). Otherwise, the
183 vector length is reset to the system default at execve(). (See
188 Defer the requested vector length change until the next execve()
192 call immediately after the next execve() (if any) by the thread:
211 to be applied at the next execve() by the thread (dependent on whether
224 vector length that will be applied at the next execve() by the calling
248 Vector length will be inherited across execve().
252 fork() or vfork() and the corresponding execve() in typical use).
388 * At every execve() call, the new vector length of the new process is set to
[all …]
|
| /linux/tools/testing/selftests/powerpc/dexcr/ |
| H A D | dexcr_test.c | 141 execve("/proc/self/exe", args, NULL); in dexcr_prctl_aspect_test()
163 execve("/proc/self/exe", args, NULL); in dexcr_prctl_aspect_test()
|
| H A D | hashchk_test.c | 139 execve("/proc/self/exe", hashchk_exec_child_args, NULL); in hashchk_exec_random_key_test()
|
| /linux/tools/perf/trace/strace/groups/ |
| H A D | file | 4 execve
|
| H A D | string | 10 execve
|
| /linux/tools/testing/selftests/landlock/ |
| H A D | sandbox-and-launch.c | 79 execve(argv[0], argv, NULL); in main()
|
| /linux/tools/testing/selftests/riscv/vector/ |
| H A D | v_helpers.c | 47 rc = execve(next_program, exec_argv, exec_envp); in launch_test()
|
| H A D | vstate_exec_nolibc.c | 39 rc = execve(THIS_PROGRAM, exec_argv, exec_envp); in main()
|
| /linux/tools/testing/selftests/timens/ |
| H A D | exec.c | 80 /* Check for proper vvar offsets after execve. */ in main()
82 execve("/proc/self/exe", cargv, cenv); in main()
83 return pr_perror("execve"); in main()
|
| H A D | vfork_exec.c | 120 /* Check for proper vvar offsets after execve. */ in main()
122 execve("/proc/self/exe", cargv, cenv); in main()
123 pr_perror("execve"); in main()
|
| /linux/tools/perf/bench/ |
| H A D | syscall.c | 64 execve(pathname, argv, NULL); in test_execve()
65 fprintf(stderr, "execve /bin/true failed\n"); in test_execve()
130 name = "execve()"; in bench_syscall_common()
|
| /linux/tools/testing/selftests/rlimits/ |
| H A D | rlimits-per-userns.c | 81 execve(service_prog, argv, envp); in fork_child()
|
| /linux/arch/um/os-Linux/ |
| H A D | main.c | 120 execve(buf, argv, envp); in main()
|
| /linux/tools/testing/selftests/powerpc/benchmarks/ |
| H A D | fork.c | 79 if (execve("./exec_target", argv, NULL) == -1) { in run_exec()
|
| /linux/tools/testing/selftests/riscv/abi/ |
| H A D | pointer_masking.c | 184 execve("/proc/self/exe", (char *const []) { "", NULL }, NULL); in test_fork_exec()
|
| /linux/Documentation/security/ |
| H A D | credentials.rst | 167 ``execve()``.
170 ``execve()``, especially when a binary is executed that will execute as
177 execve(). They aren't used directly as objective or subjective
242 operations allowed or disallowed as a result. In the case of execve(), the
446 ``execve()``.
|