> Le 20/10/2013 16:53, Theo de Raadt a écrit : > >> when the kernel loads an ELF binary, it will also load its interpreter. > >> The kernel checks the rights of the interpreter, that way: > >> > >> if ((error = VOP_ACCESS(vp, VREAD, p->p_ucred, p)) != 0) > >> goto bad1; > >> > >> It should check with VEXEC instead of VREAD. Interpreters get executed, > >> so they have to be executable; a read-only interpreter shouldn't be > >> loaded by the kernel. > > > > I am not sure I agree on this. > > > > Why?
VEXEC is used in other cases to insist on a filesystem permission, for instance, when supplying a path for execve(). The interpreter is not a path supplied to execve.
