Wesley Morgan wrote:
> On Thu, 4 Sep 2003, Scott M. Likens wrote:
> > On Thu, 2003-09-04 at 07:44, Paul Richards wrote:
> > > Overwriting a file that's currently executing results in a "Text file
> > > busy" error.
> >
> > this "feature" has always existed in FreeBSD for as long as I remember.
> It's also unfortunate that this protection does not seem to extend to
> libraries. I've had some in-use X libraries get overwritten with some very
> colorful results.

So send patches.  The specific problem is in the ld.so mapping
of a page in a library file as "executable", and this mapping
not setting the bit on the file image.

In general, this isn't done because the other references to the
file image may be as data (there's a race condition on install,
and a security race, if the libraries are writable, that could
permit a linked-shared SUID executable to be compromised after
it's running, but then if it's writable at all, that exists
anyway).  So it's probably safe to do this without resource
tracking the processes who've got it mapped this way.

My ld.so currently differs significantly from the stock version,
as does my C++ static constructor code, since I have a working
static libdlopen on my own development boxes, so the patches I
have for this would be pretty useless for you, but they would
be quite trivial to recreate; all you do is set the bit when mmap
has PROT_EXEC, or when mprotect has PROT_EXEC (both of these are
used by ld.so; for the crt0.c startup code that loads ld.so
initially, only mmap is used).

-- Terry
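
A probe for the gap described in the message above, added here as an example (it is not code from the thread or from FreeBSD's ld.so): it maps a scratch file with PROT_EXEC the way a run-time linker maps library text, then checks whether the kernel refuses a later open for writing with ETXTBSY. The function name, result codes and scratch-file name are assumptions of this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* Result codes; the names are this example's own. */
enum { PROBE_FAILED = -1, WRITE_DENIED_TXTBSY = 0, WRITE_ALLOWED = 1 };
/* Map a scratch file in `dir` PROT_READ|PROT_EXEC, then try to open it for
 * writing. *text_changed becomes 1 if a written byte shows in the mapping. */
int probe_exec_mapping_write(const char *dir, int *text_changed)
{
    char path[4096];
    int result = PROBE_FAILED;
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    *text_changed = 0;
    snprintf(path, sizeof path, "%s/execmap-probe-XXXXXX", dir);
    int fd = mkstemp(path);
    if (fd < 0) return PROBE_FAILED;
    int sized = ftruncate(fd, (off_t)len);  /* one zero-filled page */
    close(fd);                              /* leave no writer open */
    int rfd = sized == 0 ? open(path, O_RDONLY) : -1;
    void *map = rfd < 0 ? MAP_FAILED
        : mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_PRIVATE, rfd, 0);
    if (map != MAP_FAILED) {
        volatile unsigned char *text = map;
        int wfd = open(path, O_WRONLY);     /* the "install" side */
        if (wfd >= 0) {
            result = WRITE_ALLOWED;         /* no busy bit was set */
            if (write(wfd, "X", 1) == 1)
                *text_changed = (text[0] == 'X');
            close(wfd);
        } else if (errno == ETXTBSY) {
            result = WRITE_DENIED_TXTBSY;   /* kernel set the busy bit */
        }
        munmap(map, len);
    }
    if (rfd >= 0) close(rfd);
    unlink(path);
    return result;
}

int main(void)
{
    int changed, r = probe_exec_mapping_write(".", &changed);
    printf("result=%d text_changed=%d\n", r, changed);
    return r == PROBE_FAILED;
}
```

A result of 1 means the system behaves as the thread describes for libraries; whether the written byte is visible through a MAP_PRIVATE mapping is left unspecified by POSIX, so `text_changed` reports what this particular kernel does.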