Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1030448AbWJCSES (ORCPT ); Tue, 3 Oct 2006 14:04:18 -0400 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S1030450AbWJCSES (ORCPT ); Tue, 3 Oct 2006 14:04:18 -0400 Received: from mail.aknet.ru ([82.179.72.26]:14859 "EHLO mail.aknet.ru") by vger.kernel.org with ESMTP id S1030449AbWJCSER (ORCPT ); Tue, 3 Oct 2006 14:04:17 -0400 Message-ID: <4522A691.7070700@aknet.ru> Date: Tue, 03 Oct 2006 22:06:09 +0400 From: Stas Sergeev User-Agent: Thunderbird 1.5.0.7 (X11/20060913) MIME-Version: 1.0 To: Ulrich Drepper Cc: Arjan van de Ven , Linux kernel , Alan Cox , Hugh Dickins , Valdis.Kletnieks@vt.edu Subject: Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps References: <45150CD7.4010708@aknet.ru> <451555CB.5010006@aknet.ru> <1159037913.24572.62.camel@localhost.localdomain> <45162BE5.2020100@aknet.ru> <1159106032.11049.12.camel@localhost.localdomain> <45169C0C.5010001@aknet.ru> <4516A8E3.4020100@redhat.com> <4516B2C8.4050202@aknet.ru> <4516B721.5070801@redhat.com> <45198395.4050008@aknet.ru> <1159396436.3086.51.camel@laptopd505.fenrus.org> <451E3C0C.10105@aknet.ru> <1159887682.2891.537.camel@laptopd505.fenrus.org> <45229A99.6060703@aknet.ru> <45229C8E.6080503@redhat.com> In-Reply-To: <45229C8E.6080503@redhat.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1161 Lines: 29 Hello. Ulrich Drepper wrote: > You keep repeating the same nonsense over and over again, lot listening > to anybody who doesn't agree with your position. My position is simple: the ld.so problem needs a better solution than the current one. The current one, for example, still allows to use ld.so directly to execute the files for which you do not have an exec permission. And that's not an only problem... > If you don't want to have the noexec semantics on a filesystem, remove > it. And allow an attacker to store his files on that partition, and then execute them. > Not using the strict (mmap + protect) makes the whole thing There is no "mmap + mprotect" here - only mmap was changed. > completely meaningless since ld.so can be invoked directly. I have already proposed another solution for ld.so problem 3 times. That fact doesn't make it a good solution of course, but obviously you haven't had a look. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/