Full Disclosure mailing list archives
Re: linux bugs (survival stories)?
From: Valdis.Kletnieks () vt edu
Date: Tue, 12 Apr 2005 23:34:43 -0400
On Wed, 13 Apr 2005 01:41:03 BST, pageexec () freemail hu said:
the real problem with the current linux noexec mount handling is that by not restricting mprotect one can just construct an ELF file that when mmap'ed will overlap the stack and call mprotect and execute your code, effectively circumventing this measure (there was a longish thread on this topic last May on dailydave), this gives you a false sense of security only, not security. without such a restriction a sysadmin cannot enforce a W^X policy at the file system level. NetBSD (maybe the others as well, i didn't check) and PaX both forbid mprotect(PROT_EXEC) on noexec mounts for this reason.
Now this, unlike the /lib/ld-linux.so hack, is a still-existing issue. However, this is getting rather far afield, because:

1) This is quite arguably a "design decision" rather than an outright bug.
2) Whether it's a bug or not, it only impacts userspace security - and we started off discussing protecting the kernel itself from kernel bugs....

(Not that I'm averse to a thread on "what the kernel could do to harden userspace" - but somebody needs to change the Subject: line if we go that way...)
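Whether a given kernel enforces the restriction discussed in this message can be checked per mount. The C program below is an added example, not part of the original post or of any project named in it: given a regular file, it reports whether PROT_EXEC is refused both at mmap time and through a later mprotect. The names classify, audit_file and the verdict values are made up for this example, and the ST_NOEXEC fallback value assumes Linux.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>

#ifndef ST_NOEXEC
#define ST_NOEXEC 8 /* assumed Linux value; glibc exposes the name only under _GNU_SOURCE */
#endif

enum verdict { V_ERROR = -1, V_MOUNT_ALLOWS_EXEC, V_ENFORCED, V_NOT_ENFORCED };

/* noexec only holds if neither route to an executable mapping succeeds. */
enum verdict classify(int noexec, int mmap_exec_ok, int mprotect_exec_ok)
{
    if (!noexec)
        return V_MOUNT_ALLOWS_EXEC;
    return (mmap_exec_ok || mprotect_exec_ok) ? V_NOT_ENFORCED : V_ENFORCED;
}

/* Probe one regular file; the mappings are never read or executed. */
enum verdict audit_file(const char *path)
{
    struct statvfs vfs;
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    int mmap_ok, mprotect_ok = 0, fd = open(path, O_RDONLY);
    if (fd < 0) return V_ERROR;
    if (fstatvfs(fd, &vfs) != 0) { close(fd); return V_ERROR; }
    /* Route 1: ask for PROT_EXEC directly at mmap time. */
    void *p = mmap(NULL, pg, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    mmap_ok = (p != MAP_FAILED);
    if (mmap_ok) munmap(p, pg);
    /* Route 2: map read-only, then try to add PROT_EXEC with mprotect. */
    p = mmap(NULL, pg, PROT_READ, MAP_PRIVATE, fd, 0);
    if (p != MAP_FAILED) {
        mprotect_ok = (mprotect(p, pg, PROT_READ | PROT_EXEC) == 0);
        munmap(p, pg);
    }
    close(fd);
    return classify((vfs.f_flag & ST_NOEXEC) != 0, mmap_ok, mprotect_ok);
}

int main(int argc, char **argv)
{
    static const char *msg[] = { "mount allows exec", "noexec enforced", "noexec NOT enforced" };
    enum verdict v = (argc > 1) ? audit_file(argv[1]) : V_ERROR;
    if (v == V_ERROR) { fprintf(stderr, "usage: %s <regular-file-on-mount>\n", argv[0]); return 2; }
    printf("%s: %s\n", argv[1], msg[v]);
    return v == V_NOT_ENFORCED;
}
```

Run it against a regular file on each noexec mount; exit status 1 means an executable mapping was granted despite the mount flag.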