Date: Fri, 22 Jan 2010 11:30:21 +0000
From: Alan Cox <alan@lxorguk.ukuu.org.uk>
To: Stepan Chatalyan <kehcho@gmail.com>
Cc: linux-kernel@vger.kernel.org
Subject: Re: Hi all, bug or design flaw?
Message-ID: <20100122113021.2c850509@lxorguk.ukuu.org.uk>
In-Reply-To: <22d9728d1001211705i4cf90df2ha730061ea01972b6@mail.gmail.com>
References: <22d9728d1001211705i4cf90df2ha730061ea01972b6@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: linux-kernel-owner@vger.kernel.org
Content-Length: 1236
Lines: 29

> (3) I tried to execut it with "./createdfile"
> [kehcho@kehcho] [/tmp]$ ./createdfile
> -bash: ./createdfile: /bin/bash: bad interpreter: Permission denied

The kernel noexec blocks execution of binaries from the file system. It's
not really a 'security' model so much as a useful historic way of
stopping people running wrong things by accident, and over NFS and the
like of stopping people trying to run binaries for the wrong machine

> (4) I tried to execute it, but pass to bash ". /tmp/createdfile"
> 
> [kehcho@tornadowt] [/tmp]$ . /tmp/createdfile
> Probe...
> 
> It is a kernel bug or I just report a another one?

Then bash loads the file and interprets the commands - not the kernel.

Data is data - there is no real distinction between "instructions" to
execute and "data files" in computing.

The "nosuid" bit is different. Only the kernel has the power to grant
suid status so while you could run a noexec program by hand loading it
you couldn't make it run setuid that way.
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/