Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> writes:
> Alexander Viro <viro@math.psu.edu>:
> > On Tue, 2 Oct 2001, Rob Landley wrote:
> >
> > > Anybody want to venture an opinion why overwriting executable files that are
>
> > > currently in use gives you a "text file busy" error, but overwriting shared
>
> > > libraries that are in use apparently works just fine (modulo a core dump if
>
> > > you aren't subtle about your run-time patching)?
> > >
> > > Permissions are still enforced, but it seems to me somebody who cracks root
>
> > > on a system could potentially modify the behavior of important system
> daemons
>
> > > without changing their process ID numbers.
> > >
> > > Did I miss something somewhere?
> >
> > Somebody who cracks root can attach gdb to a daemon, modify the contents of
> > its text segment and detach. No need to change any files...
>
> True, but the original problem still appears to be a bug.
>
> Even the owner of the file should not be able to write to a busy executable,
> whether it is a shared library, or an executable image. Remove it, yes.
> Create a new one (in a different inode) - yes.
>
> But not modify a busy executable.
Have ld-linux.so set the MAP_DENYWRITE bit when it is mapping
the library.
Eric
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:29 EST