Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps
From: Stas Sergeev
Date: Mon Sep 25 2006 - 13:42:30 EST
Hi **David, please CC me next time, if possible.
David Wagner wrote:
Makes sense. Of course, nothing prevents an attacker from
introducing malicious loaders, since the loader is an unprivileged
user-level program.
I think having all the user-writable partitions
noexec actually does prevent an attacker from
introducing a malicious loader, or at least to
invoke it. That's why I think a simple "do not
use noexec whenever it hurts" is a bad option.
/filesystem. Think VFAT partition here, where all/
/files have execute bits set./
Not strictly related to the topic, but Denis, have
you tried "fmask" option to get rid of this?
That suggests that the question to Stas should be: Do these programs that
you're trying to make work count as example of accidental execution of
binaries on the tmpfs, or are they deliberate execution knowing full well
that the noexec flag is set and damn the consequences?
This is not at all about executing the *binaries*
on tmpfs, and this is very important. What these
progs need is only to mmap a piece of a shared
memory with the PROT_EXEC permission. Nothing more.
Previously, noexec did not prevent this. Now it does.
What is worse, it prevents this also for MAP_PRIVATE.
This is really something I cannot understand.
The "ro" option doesn't prevent PROT_WRITE for MAP_PRIVATE,
thats the known fact.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/