Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751124AbWI0LwR (ORCPT ); Wed, 27 Sep 2006 07:52:17 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1751129AbWI0LwR (ORCPT ); Wed, 27 Sep 2006 07:52:17 -0400 Received: from gprs189-60.eurotel.cz ([160.218.189.60]:51464 "EHLO spitz.ucw.cz") by vger.kernel.org with ESMTP id S1751124AbWI0LwP (ORCPT ); Wed, 27 Sep 2006 07:52:15 -0400 Date: Wed, 27 Sep 2006 11:51:34 +0000 From: Pavel Machek To: David Wagner Cc: linux-kernel@vger.kernel.org Subject: Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps Message-ID: <20060927115134.GC4296@ucw.cz> References: <45150CD7.4010708@aknet.ru> <4516C9D0.3080606@aknet.ru> <20060925105355.GA4390@elf.ucw.cz> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: User-Agent: Mutt/1.5.9i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1506 Lines: 31 Hi On Mon 25-09-06 21:36:26, David Wagner wrote: > Pavel Machek wrote: > >> I'm curious about this, too. ld-linux.so is a purely unprivileged > >> program. It isn't setuid root. Can you write a variant of ld-linux.so > >> that reads an executable into memory off of a partition mounted noexec and > >> then begins executing that code? (perhaps by using anonymous mmap > >> with > > > >Yes, you can, but to execute your ld-linux-ignore-noexec.so variant, > >you need to put it somewhere with exec permissions, right? > > Well, yes, if you write it as a binary executable -- but not if you're > more clever. For instance, you can write a ld-linux-ignore-noexec.so.pl > Perl script, store the Perl script on the noexec partition, and execute > it via "/usr/bin/perl ld-linux-ignore-noexec.so.pl" (since I think > Perl scripts can execute all of the system calls you'd need to use to > write your own loader, since it's pretty well guaranteed that /usr/bin > will live on a partition that is not marked noexec). Note that Perl Ok, you are right. For noexec to be effective, interpretters need to be well-behaved, and perl is not. Maybe we should forget about noexec, and maybe we should fix perl, I do not know. -- Thanks for all the (sleeping) penguins. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/