Comment by spc476
4 years ago
Hmmm, from <https://www.man7.org/linux/man-pages/man3/posix_spawn.3.html>:
> The posix_spawn() and posix_spawnp() functions provide the
> functionality of a combined fork(2) and exec(3), with some
> optional housekeeping steps in the child process before the
> exec(3). These functions are not meant to replace the fork(2)
> and execve(2) system calls. In fact, they provide only a subset
> of the functionality that can be achieved by using the system
> calls.
Also, there's no way to set resource limits in the child process, nor switch user or group ID, using posix_spawn().
For that you may need posix_spawn and exec, but still can evade fork completely.
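For reference, the child-side housekeeping the first comment says posix_spawn() cannot express, done with fork(2) and execve(2). This is an added example, not code from either commenter or from the man page; the helper name `run_restricted`, the limit of 64 descriptors and the `/bin/sh` command line are assumptions chosen for illustration.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run argv[0] with an RLIMIT_NOFILE cap and, when
 * drop_ids is non-zero, as uid/gid. Returns the child's exit status,
 * or -1 if it could not be started or did not exit normally. */
int run_restricted(char *const argv[], rlim_t max_fds,
                   int drop_ids, uid_t uid, gid_t gid)
{
    pid_t pid = fork();
    if (pid < 0)
        return -1;

    if (pid == 0) {
        /* Child: the window between fork and exec. */
        struct rlimit rl = { max_fds, max_fds };
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0)
            _exit(126);
        if (drop_ids) {
            /* Order matters: supplementary groups, then gid, then uid.
             * After the uid is dropped the first two calls would fail. */
            if (setgroups(0, NULL) != 0 || setgid(gid) != 0 || setuid(uid) != 0)
                _exit(126);
            /* Refuse to continue if root can still be regained. */
            if (uid != 0 && setuid(0) == 0)
                _exit(126);
        }
        char *const envp[] = { "PATH=/usr/bin:/bin", NULL };
        execve(argv[0], argv, envp);
        _exit(127); /* exec failed */
    }

    int status;
    while (waitpid(pid, &status, 0) < 0)
        if (errno != EINTR)
            return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
    /* Constructed sample: the shell confirms it inherited the limit. */
    char *const argv[] = { "/bin/sh", "-c", "test \"$(ulimit -n)\" -eq 64", NULL };
    return run_restricted(argv, 64, 0, 0, 0);
}
```

Passing a non-zero `drop_ids` requires the caller to start with the privilege to change IDs; every failure in the child ends in `_exit` so the target never runs with limits or IDs only partly applied.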