Re: user can't mount loop device...
On Sat, Jan 20, 2001 at 08:23:27PM +0100, Tollef Fog Heen wrote:
> noexec is very weak on linux anyhow:
>
> $ ~/bin/hello
> bash: /home/tfheen/bin/hello: Permission denied
> $/lib/ld-linux.so.2 ~/bin/hello
> Hello, world!
> $mount | grep home
> /dev/ide/host0/bus0/target0/lun0/part3 on /home type ext2 (rw,noexec)
> $
This is not a weakness in Linux (the kernel), but a filesystem permissions
problem. There is no need for ld-linux.so.2 to be executable, at least for
executables to run. It can be used for diagnostic purposes, though.
Of course, it is possible to instruct (or trick) many plugin-based programs
into loading an arbitrary .so and executing code in it. But on a stripped-down
system with non-executable ld.so, it should be possible to prevent execution
using noexec.
--
- mdz
Reply to: