lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 25 Sep 2006 21:43:36 +0400 From: Stas Sergeev <stsp@...et.ru> To: Linux kernel <linux-kernel@...r.kernel.org> Cc: Denis Vlasenko <vda@...t.imtp.ilyichevsk.odessa.ua> Subject: Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps Hi **David, please CC me next time, if possible. David Wagner wrote: > Makes sense. Of course, nothing prevents an attacker from > introducing malicious loaders, since the loader is an unprivileged > user-level program. I think having all the user-writable partitions noexec actually does prevent an attacker from introducing a malicious loader, or at least to invoke it. That's why I think a simple "do not use noexec whenever it hurts" is a bad option. >>/filesystem. Think VFAT partition here, where all/ >>/files have execute bits set./ Not strictly related to the topic, but Denis, have you tried "fmask" option to get rid of this? > That suggests that the question to Stas should be: Do these programs that > you're trying to make work count as example of accidental execution of > binaries on the tmpfs, or are they deliberate execution knowing full well > that the noexec flag is set and damn the consequences? This is not at all about executing the *binaries* on tmpfs, and this is very important. What these progs need is only to mmap a piece of a shared memory with the PROT_EXEC permission. Nothing more. Previously, noexec did not prevent this. Now it does. What is worse, it prevents this also for MAP_PRIVATE. This is really something I cannot understand. The "ro" option doesn't prevent PROT_WRITE for MAP_PRIVATE, thats the known fact. - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists