| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <26032.1313623355@turing-police.cc.vt.edu>
Date: Wed, 17 Aug 2011 19:22:35 -0400
From: Valdis.Kletnieks@...edu
To: Roland McGrath <mcgrathr@...gle.com>
Cc: Mel Gorman <mel@....ul.ie>, Will Drewry <wad@...omium.org>,
linux-kernel@...r.kernel.org, Ingo Molnar <mingo@...e.hu>,
Andrew Morton <akpm@...ux-foundation.org>,
Peter Zijlstra <a.p.zijlstra@...llo.nl>,
Al Viro <viro@...iv.linux.org.uk>,
Eric Paris <eparis@...hat.com>,
Andrea Arcangeli <aarcange@...hat.com>,
Rik van Riel <riel@...hat.com>,
Nitin Gupta <ngupta@...are.org>,
Hugh Dickins <hughd@...gle.com>,
Shaohua Li <shaohua.li@...el.com>, linux-mm@...ck.org
Subject: Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint
On Tue, 16 Aug 2011 10:07:46 PDT, Roland McGrath said:
> I think the expectation is that the administrator or system builder
> who decides to set the (non-default) noexec mount option will also
> set the sysctl at the same time.
On the other hand, a design that requires 2 separate actions to be taken in
order to make it work, and which fails unsafe if the second step isn't taken,
is a bad design. If we're talking "expectations", let's not forget that the
mount option is called "noexec", not "only-really-noexec-if-you-set-a-magic-sysctl".
I'll also point out that we didn't add a sysctl in 2.6.0 to say whether or not
to still allow the old "/lib/ld-linux.so your-binary-here" hack to execute binaries
off a partition mounted noexec - we simply said "this will no longer be permitted".
Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists