On Fri, Oct 24, 2003 at 12:18:54PM +0200, Tobias Diedrich wrote:

> Using ld.so one can execute programs on noexec mounts, which renders
> noexec useless:
> 
> melchior:/boot# mount -o remount,noexec /boot
> melchior:/boot# cp /bin/bash .
> melchior:/boot# sed -i -e 's/Software/Saftware/g' ./bash
> melchior:/boot# /lib/ld-2.3.2.so /boot/bash  --version
> GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
> Copyright (C) 2002 Free Saftware Foundation, Inc.
> 
> Appearently this is known since 1999, see:
> http://sources.redhat.com/ml/libc-alpha/2000-09/msg00071.html

Yes, this is an old and widely known issue, and as a result I think it is
implied that upstream does not plan to change the behaviour.  The usefulness
of noexec as a security measure, however, is rather limited, and given
access to run arbitrary commands in /usr or such, it is only a matter of
some searching to find a way to execute programs.  The system is not
designed with this in mind.

-- 
 - mdz


Reply via email to