On 05/15/2017 15:36, Alexey Dokuchaev wrote: > On Mon, May 15, 2017 at 10:25:29PM +0300, Konstantin Belousov wrote: >> On Mon, May 15, 2017 at 01:08:55PM -0600, Ian Lepore wrote: >>> Well, for example, it seems like it would allow anyone to execute a >>> binary even if the sysadmin had set it to -x specifically to prevent >>> people from running it. >> >> The direct mode does not (and cannot) honor set{u,g}id modes of the >> executable, so any binary run this way would only exercise the existing >> power of the user which did it. >> >> The most advanced explanation that I was given in private was among >> the lines: "if you have an environment where users can upload content >> to a shared server, but have no access to chmod(2), no compilers, no >> scripting languages, etc." The person then admitted that (s)he does not >> consider it as an actual concern. > > Would this now allow executing binaries (with or without +x bit) from > filesystems mounted with -o noexec? > > ./danfe
No: # zfs create -o mountpoint=/mnt -o exec=off tank/TEST # cp /bin/sh /mnt/ # /mnt/sh /mnt/sh: Permission denied. # /libexec/ld-elf.so.1 /mnt/sh /mnt/sh: mmap of data failed: Permission denied - Nikolai Lifanov
signature.asc
Description: OpenPGP digital signature