
Re: possible mass-filing of bugs: many shared library packages contain binaries in usr/bin

Joseph Carter <knghtbrd@bluecherry.net> writes:

> > > The problem with this benefit is the small number of people who would
> > > directly benefit from it - how many people do you know with separate
> > > partitions for /usr/lib?  I don't know many.  Although, from a purely
> > > paranoia standard, I can envision creating one for this very purpose and
> > > think it is worth considering for that purpose.  Having sheer paranoia
> > > levels of security being available to those who would use them is a goal I
> > > think we can all agree is not a bad thing.
> > 
> > With a 2.4 kernel, you shouldn't need a separate partition:
> > 
> > # mount --bind -o ro,noexec /lib /lib
> > # mount --bind -o ro,noexec /usr/lib /usr/lib
> *drool*  I'd totally forgotten that you could do that.
> Count me officially IN SUPPORT of cleaning executables out of /var, /lib,
> and /usr/lib for sarge.  I don't give a rip where they go, but I want them
> out of those directories because _I_ want to do this now.  ;)
> > Bind mounting /usr/lib directly on top of itself with different mount
> > options, you can achieve the same effect (I previously used it to set
> > default filesystem umasks within certain directories).  Hmm, after
> > trying this out, it doesn't seem to work like it does for umasks (I
> > can still run /lib/ld-linux.so.2), possibly a mount bug?
> This is incredibly cool and I had not realized nor considered that --bind
> could be used in this way.  Thank you for the great suggestion, this will
> let me basically do things like make certain directories read-only when I
> am not explicitly upgrading packages.  Not all of /usr, necessarily, but
> certainly /usr/bin, /usr/lib, and /usr/local/{lib,bin} as well.  I can
> then just change it for upgrades and put the safety measure back in place
> when I'm done upgrading things.  Thanks.  =D

I have done some testing, and found that this does not currently work
in Linux 2.4.  It should be fixed in 2.5 and so usable in 2.6/3.0,
according to comp.os.linux.development.system.

For /usr, you could potentially protect yourself even more, by
mounting the entire partition noexec, and then just bind mount
/usr/bin and /usr/libexec with exec!

This should be great once it actually works.

Roger Leigh
                ** Registration Number: 151826, http://counter.li.org **
                Need Epson Stylus Utilities? http://gimp-print.sourceforge.net/
                GPG Public Key: 0x25BFB848 available on public keyservers
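The layered scheme discussed in the thread (all of /usr noexec, with /usr/bin and /usr/libexec bind-mounted over themselves with exec), as an added shell example that is not from the thread or its authors; it assumes a 2.6 or later kernel and a mountinfo layout as in /proc/self/mountinfo, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not from the thread: prints the mount sequence for the
# layered scheme and checks from a mountinfo listing whether a path really
# ended up noexec, since a bind flag that silently did not apply is
# exactly what the thread observed.

# hardening_commands ROOT EXEC_DIR...
# On 2.6 and later kernels per-mount flags need the "remount,bind" step;
# a plain "mount --bind -o noexec X X" left them unapplied.
hardening_commands() {
    root=$1; shift
    printf 'mount -o remount,ro,noexec %s\n' "$root"
    for d in "$@"; do
        printf 'mount --bind %s %s\n' "$d" "$d"
        printf 'mount -o remount,bind,ro,exec %s\n' "$d"
    done
}

# mount_opts_for PATH [FILE]: options of the innermost mount covering
# PATH, read from /proc/self/mountinfo unless FILE is given.
# mountinfo fields: id parent major:minor root mountpoint options ...
mount_opts_for() {
    awk -v p="$1" '
        { mp = $5
          if (mp == "/" || p == mp || index(p, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $6 } }
        END { print opts }' "${2:-/proc/self/mountinfo}"
}

# is_noexec PATH [FILE]: succeed if PATH sits on a noexec mount.
is_noexec() {
    case ",$(mount_opts_for "$1" "$2")," in
        *,noexec,*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed mountinfo sample of the intended end state.
sample_mountinfo() {
    cat <<'EOF'
21 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw
30 21 8:2 / /usr ro,noexec,relatime - ext4 /dev/sda2 ro
31 30 8:2 /bin /usr/bin ro,relatime - ext4 /dev/sda2 ro
32 30 8:2 /libexec /usr/libexec ro,relatime - ext4 /dev/sda2 ro
EOF
}
f=$(mktemp); sample_mountinfo > "$f"   # demo on the sample, no root needed
is_noexec /usr/lib/libc.so.6 "$f" && echo "/usr/lib: noexec"
is_noexec /usr/bin/ls "$f" || echo "/usr/bin: exec allowed"
rm -f "$f"
```

On current kernels noexec rejects execve of files on that mount (for instance running ld-linux.so.2 directly, as the thread tried) but does not stop the dynamic loader from mapping shared libraries from it, so ordinary programs keep working.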
