Date:	Sun, 08 Oct 2006 17:22:45 +0400
From:	Stas Sergeev <stsp@...et.ru>
To:	Jesper Juhl <jesper.juhl@...il.com>
Cc:	Jeremy Fitzhardinge <jeremy@...p.org>,
	Alan Cox <alan@...rguk.ukuu.org.uk>,
	Jakub Jelinek <jakub@...hat.com>,
	Arjan van de Ven <arjan@...radead.org>,
	Linux kernel <linux-kernel@...r.kernel.org>,
	Hugh Dickins <hugh@...itas.com>,
	Ulrich Drepper <drepper@...hat.com>
Subject: Re: [patch] honour MNT_NOEXEC for access()

Hello.

Jesper Juhl wrote:
> As I see it, what we can reasonably do with 'noexec' is
> - make execve() fail.
Done. 

> - make access(), faccessat() return EACCESS for files stored on
> 'noexec' filesystems.
Done now in -mm.

> - make mmap(...PROT_EXEC...) fail for files stored on 'noexec' filesystems.
Even for MAP_PRIVATE?
But in what way is "noexec" better than "chmod -x",
which does _not_ make PROT_EXEC fail?

> Since we can't really prevent things like perl/php/bash/tcl/whatever
> scripts from being executed/interpreted from there with this
> mechanism, let's not worry about that.  Leave that for things like
> SELinux to deal with.
Exactly, but isn't it the same with mmap? (MAP_PRIVATE at least)
Since you can't prevent the prog from simply read()ing the data into
an anonymously mapped space, you can just as well leave that to
selinux too.
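
An added example, not part of the original message or of any patch in this thread: a small probe for checking how a given kernel treats one file with respect to the noexec points discussed above (the mount flag, `access(X_OK)`, and a `MAP_PRIVATE` mapping requested with `PROT_EXEC`). The names `probe_noexec` and `struct noexec_report` are hypothetical, and Linux with glibc is assumed.

```c
#define _GNU_SOURCE            /* ST_NOEXEC is a GNU extension in <sys/statvfs.h> */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* Linux value, same bit as MS_NOEXEC */
#endif

struct noexec_report {         /* hypothetical result type for this example */
    int noexec;                /* 1 if the containing mount has noexec set */
    int access_x;              /* 1 if access(path, X_OK) succeeded */
    int access_errno;          /* errno from access() on failure, else 0 */
    int mmap_exec;             /* 1 if the PROT_EXEC, MAP_PRIVATE mapping succeeded */
    int mmap_errno;            /* errno from mmap() on failure, else 0 */
};

/* Fills *r and returns 0, or returns -1 if the file cannot be examined. */
int probe_noexec(const char *path, struct noexec_report *r)
{
    struct statvfs vfs;
    int fd; void *p;

    if (statvfs(path, &vfs) != 0)
        return -1;
    r->noexec = (vfs.f_flag & ST_NOEXEC) != 0;
    r->access_x = access(path, X_OK) == 0;
    r->access_errno = r->access_x ? 0 : errno;
    fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* The mapping is only requested and released; nothing in it is run. */
    p = mmap(NULL, 1, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    r->mmap_exec = p != MAP_FAILED;
    r->mmap_errno = r->mmap_exec ? 0 : errno;
    if (r->mmap_exec)
        munmap(p, 1);
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    struct noexec_report r;
    if (argc < 2 || probe_noexec(argv[1], &r) != 0) return 1;
    printf("noexec=%d access(X_OK)=%d (errno %d) mmap(PROT_EXEC)=%d (errno %d)\n",
           r.noexec, r.access_x, r.access_errno, r.mmap_exec, r.mmap_errno);
    return 0;
}
```

Running it against the same file on a normal mount and on a noexec mount shows which of the checks the running kernel enforces.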
