On Fri, Oct 24, 2003 at 12:18:54PM +0200, Tobias Diedrich wrote:
> Using ld.so one can execute programs on noexec mounts, which renders
> noexec useless:
>
> melchior:/boot# mount -o remount,noexec /boot
> melchior:/boot# cp /bin/bash .
> melchior:/boot# sed -i -e 's/Software/Saftware/g' ./bash
> melchior:/boot# /lib/ld-2.3.2.so /boot/bash --version
> GNU bash, version 2.05b.0(1)-release (i386-pc-linux-gnu)
> Copyright (C) 2002 Free Saftware Foundation, Inc.
>
> Apparently this is known since 1999, see:
> http://sources.redhat.com/ml/libc-alpha/2000-09/msg00071.html

Yes, this is an old and widely known issue, and as a result I think it is implied that upstream does not plan to change the behaviour.

The usefulness of noexec as a security measure, however, is rather limited, and given access to run arbitrary commands in /usr or such, it is only a matter of some searching to find a way to execute programs. The system is not designed with this in mind.

-- 
 - mdz
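
A detection-side example for the behaviour shown in the quoted session, added here and not part of either message: it flags command lines that invoke the dynamic loader directly on a file under a noexec mount. The mount table and command lines are constructed samples, the function names are hypothetical, and relative program paths are not resolved.

```python
import posixpath
import re
import shlex

# Constructed sample in /proc/mounts format (not from the original post).
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw 0 0
/dev/hda2 /boot ext2 rw,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,noexec 0 0
"""
# Constructed command lines, as might be recovered from execve audit records.
SAMPLE_CMDLINES = [
    "/lib/ld-2.3.2.so /boot/bash --version",
    "/bin/bash --version",
    "/lib64/ld-linux-x86-64.so.2 --library-path /opt/lib /tmp/tool",
    "/lib/ld-2.3.2.so --list /bin/ls",
]
# Basenames of glibc's dynamic loader: ld-2.3.2.so, ld-linux.so.2, ...
LOADER_RE = re.compile(r"^ld-(linux[\w.-]*\.so\.\d+|[\d.]+\.so)$")
OPTS_WITH_ARG = {"--library-path", "--inhibit-rpath", "--audit", "--preload"}  # take a value

def noexec_mounts(mounts_text):
    """Mount points whose option field contains noexec."""
    rows = (line.split() for line in mounts_text.splitlines())
    return [f[1] for f in rows if len(f) >= 4 and "noexec" in f[3].split(",")]

def loader_target(cmdline):
    """Program path handed to a directly invoked loader, else None."""
    argv = shlex.split(cmdline)
    if not argv or not LOADER_RE.match(posixpath.basename(argv[0])):
        return None
    args = iter(argv[1:])
    for arg in args:
        if arg in OPTS_WITH_ARG:
            next(args, None)  # skip the option's value
        elif not arg.startswith("--"):
            return posixpath.normpath(arg)
    return None

def flag_noexec_bypass(cmdlines, mounts_text):
    """(cmdline, mount point) pairs where the loader runs a file on a noexec mount."""
    mounts = noexec_mounts(mounts_text)
    hits = []
    for cmd in cmdlines:
        target = loader_target(cmd)
        hit = [m for m in mounts if target and (target + "/").startswith(m.rstrip("/") + "/")]
        if hit:
            hits.append((cmd, max(hit, key=len)))
    return hits
```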