Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps

From: Stas Sergeev
Date: Wed Oct 04 2006 - 15:35:07 EST

Next message: Martin Bligh: "Re: [RFC][PATCH 0/4] Generic container system"
Previous message: Frederik Deweerdt: "[RFC PATCH] add pci_{request,free}_irq take #3"
In reply to: Arjan van de Ven: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Next in thread: David Wagner: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi.

Arjan van de Ven wrote:

and chmod o-x bash ....
at which point.. game over.
(and yes you can do in bash pretty much what you can do in perl. heck
you can prove that.. shell is turning complete ;)

Can I do a syscalls from a bash script?
But in any case, I am not going to suggest any
solution against a script-loader - the mmap change
doesn't prevent that too.
Instead I'd like to evaluate a few ideas about an
ld.so problem. One of which is to _enforce_ the "noexec",
just as you asked for. :)
Please have a look at this patch:
http://uwsg.ucs.indiana.edu/hypermail/linux/kernel/0610.0/1402.html
The primary goal is to make access() to respect the "noexec".

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Martin Bligh: "Re: [RFC][PATCH 0/4] Generic container system"
Previous message: Frederik Deweerdt: "[RFC PATCH] add pci_{request,free}_irq take #3"
In reply to: Arjan van de Ven: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Next in thread: David Wagner: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]