> Looks that way. I guess I mis-interpreted the grsec docs > (and since I don't have a kernel compiled with TPE, I didn't > test it). It seems that it already does what I suggested it > do: not allow mmap with PROT_EXEC under certain conditions. > (You did make sure that this behaviour isn't the result of > some other grsecurity option, right?)
Yes I did. Tested it with a whole bunch of grsec options on, but not TPE. Then with the same config, only diff is TPE option is set. First time the /tmp/bash worked "normally", 2nd time gave the result I pasted in my last post. > > Anyway, that's pretty cool. However, I don't suppose it > stops you from running perl scripts, or anything other than > ELF binaries, since files that don't contain machine code > wouldn't need to be mapped with PROT_EXEC. In fact, I > straced perl, and it uses read(2) instead of mmap(2) to load > the code. Unless grsec is really clever, perl programs would > still work, by running /usr/bin/perl /tmp/foo.pl, as long as > you can read /tmp/foo.pl. Correct. I've just tested it just in case :-) $cat foo.pl #!/usr/bin/perl print "foo\n"; $/tmp/foo.pl su: ./toto.pl: /usr/bin/perl: bad interpreter: Permission denied $/usr/bin/perl /tmp/foo.pl foo Which seems pretty logical, indeed. Vincent
