Message-ID: <20100122113021.2c850509@lxorguk.ukuu.org.uk>
Date:	Fri, 22 Jan 2010 11:30:21 +0000
From:	Alan Cox <alan@...rguk.ukuu.org.uk>
To:	Stepan Chatalyan <kehcho@...il.com>
Cc:	linux-kernel@...r.kernel.org
Subject: Re: Hi all, bug or design flaw?

> (3) I tried to execute it with "./createdfile"
> [kehcho@...cho] [/tmp]$ ./createdfile
> -bash: ./createdfile: /bin/bash: bad interpreter: Permission denied

The kernel noexec blocks execution of binaries from the file system. It's
not really a 'security' model so much as a useful historic way of
stopping people running wrong things by accident, and, over NFS and the
like, of stopping people trying to run binaries for the wrong machine.

> (4) I tried to execute it, but pass to bash ". /tmp/createdfile"
> 
> [kehcho@...nadowt] [/tmp]$ . /tmp/createdfile
> Probe...
> 
> It is a kernel bug or I just report another one?

Then bash loads the file and interprets the commands - not the kernel.

Data is data - there is no real distinction between "instructions" to
execute and "data files" in computing.

The "nosuid" bit is different. Only the kernel has the power to grant
suid status so while you could run a noexec program by hand loading it
you couldn't make it run setuid that way.
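
An added example, not part of the original message or of any kernel code: a shell audit that reads mount lines in /proc/mounts format and reports, per mount point, what the two options discussed above enforce. The sample mount table and the function names `has_opt` and `audit_mounts` are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format (not taken from the original post).
SAMPLE_MOUNTS='tmpfs /tmp tmpfs rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
server:/export /mnt/nfs nfs rw,noexec,vers=3 0 0'

# has_opt OPTS NAME: succeed if NAME is exactly one of the comma-separated OPTS.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_mounts: read /proc/mounts-format lines on stdin and print one line per
# mount point describing what the kernel enforces there.
#   noexec -> the kernel refuses to execute files from the mount directly, but
#             an interpreter can still read a file there and run its contents
#   nosuid -> the kernel ignores setuid bits; this cannot be worked around by
#             loading the file by hand, since only the kernel grants suid
audit_mounts() {
    while read -r _dev mnt _type opts _rest; do
        [ -n "$mnt" ] || continue
        if has_opt "$opts" noexec; then
            ex="execve-blocked,interpreters-still-read"
        else
            ex="allowed"
        fi
        if has_opt "$opts" nosuid; then
            su="ignored"
        else
            su="honoured"
        fi
        printf '%s exec=%s suid=%s\n' "$mnt" "$ex" "$su"
    done
}

# Report for the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | audit_mounts
```

On a live system, run `audit_mounts < /proc/mounts` to get the same report for the real mount table.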