Full Disclosure mailing list archives

Re: Re: January 15 is Personal Firewall Day, help the cause


From: Valdis.Kletnieks () vt edu
Date: Mon, 19 Jan 2004 18:46:40 -0500

On Mon, 19 Jan 2004 20:02:19 +0100, Michal Zalewski said:

> How is it an issue? I think it is a feature - it is noexec that is pretty
> badly broken by design, and nearly impossible to render secure... and what
> does Linux kernel have to do with addressing it?

Well, if you consider noexec to be a feature, the /lib/ld-linux trick was a bug in it.

In what way is it "badly broken"?

> Disclaimer: I don't have 2.6 sources at hand, maybe this is the case
> (although I somehow doubt there is a reasonable way to fix it kernel -
> how, by refusing PROT_EXEC mappings from files on noexec partitions? hope
> not).

Here's Ulrich Drepper's patch, as Linus took it:

        struct rb_node ** rb_link, * rb_parent;
        unsigned long charged = 0;
 
-       if (file && (!file->f_op || !file->f_op->mmap))
-               return -ENODEV;
+       if (file) {     
+               if (!file->f_op || !file->f_op->mmap)
+                       return -ENODEV;
+                       
+               if ((prot & PROT_EXEC) && (file->f_vfsmnt->mnt_flags & MNT_NOEXEC))
+                       return -EPERM;
+       }
 
        if (!len)
                return addr;
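Review bot: the new MNT_NOEXEC test inside the `if (file)` block only looks at the `prot` passed to this mmap path, so the reviewer should confirm that a file-backed mapping created without PROT_EXEC cannot gain execute permission afterwards; if that is out of scope here, the limitation belongs in the commit message. Minor style point: `+       if (file) {     ` and the blank `+` line after `return -ENODEV;` carry trailing whitespace that should be stripped before merging.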

So yes, they're stomping on PROT_EXEC.  The same code is also in 2.4.25-pre6.
