Re: user can't mount loop device...

[Matt Zimmerman <mdz@debian.org>]

On Sat, Jan 20, 2001 at 08:23:27PM +0100, Tollef Fog Heen wrote:

> noexec is very weak on linux anyhow:
> 
> $ ~/bin/hello 
> bash: /home/tfheen/bin/hello: Permission denied
> $/lib/ld-linux.so.2 ~/bin/hello 
> Hello, world!
> $mount | grep home
> /dev/ide/host0/bus0/target0/lun0/part3 on /home type ext2 (rw,noexec)
> $

This is not a weakness in Linux (the kernel), but a filesystem permissions
problem.  There is no need for ld-linux.so.2 to be executable, at least for
executables to run.  It can be used for diagnostic purposes, though.

Of course, it is possible to instruct (or trick) many plugin-based programs
into loading an arbitrary .so and executing code in it.  But on a stripped-down
system with non-executable ld.so, it should be possible to prevent execution
using noexec.

-- 
 - mdz