On Tue, 12 Apr 2005 21:20:03 -0000, Eduardo Tongson said: > Stuff like for example circumventing noexec flags on mounted filesystems > still is trivial even with the latest and development versions of the > linux kernel
"like for example" is always a bad way to discuss things, because it's unclear what exactly you're talking about. ;) Now, going with specifics... The last really big "trivial" issue with bypassing noexec on mounted filesystems was closed by a patch from Ulrich Drepper in 2.6.0 - basically forcing you to mmap() the binary in and then mprotect() it to add the exec flag. And at *that* point, it gets ugly, because even if you stop them from calling mprotect() to get it executable, they can still use some variant of "unexec()" (see the Emacs/XEmacs source tree) to dump it out, twiddle the headers, and then exec() it off some other file system. So what specific issue with noexec are *you* thinking of, and what is your proposed fix for it?
pgpM67H1h79Oz.pgp
Description: PGP signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
