lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Wed, 4 Oct 2006 20:02:29 +0200
From:	"Jesper Juhl" <jesper.juhl@...il.com>
To:	"Stas Sergeev" <stsp@...et.ru>
Cc:	"Arjan van de Ven" <arjan@...radead.org>,
	"Linux kernel" <linux-kernel@...r.kernel.org>,
	"Alan Cox" <alan@...rguk.ukuu.org.uk>,
	"Hugh Dickins" <hugh@...itas.com>,
	"Ulrich Drepper" <drepper@...hat.com>, Valdis.Kletnieks@...edu
Subject: Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps

On 03/10/06, Stas Sergeev <stsp@...et.ru> wrote:
> Hello.
>
> Arjan van de Ven wrote:
> > no what bothers me that on the one hand you want no execute from the
> > partition, and AT THE SAME TIME want stuff to execute from there (being
> > libraries or binaries, same thing to me).
> The original problem came from "noexec" on /dev/shm
> mount. There is no library and no binary there, but
> the programs do shm_open(), ftruncate() and
> mmap(MAP_SHARED, PROT_EXEC) to get some shared memory
> with an exec perm. That fails.
>

So first you mount /dev/shm with 'noexec', thereby telling the system
"please make shared memory non executable".
Then an application goes and asks for executable shared memory, gets
denied and thus fails.  And that's a problem? It's exactely what you
asked for.

Either you want non-executable shared memory, so you mount /dev/shm
'noexec' or you want shared memory to be executable, in which case you
don't mount it 'noexec'.

As I see it, that's really all there is to it.

-- 
Jesper Juhl <jesper.juhl@...il.com>
Don't top-post  http://www.catb.org/~esr/jargon/html/T/top-post.html
Plain text mails only, please      http://www.expita.com/nomime.html
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ