[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Executable /lib/ld-linux.so breaks noexec

On Tue, May 20, 2003 at 05:45:21PM +0200, Martin Pitt wrote:

> Is there any particular reason to have /lib/ld-linux.so.* exxecutable?
> If it is used only as a proper library, it need not be executable.
> The problem is that this breaks the "noexec" mount option. If /foo is
> mounted noexec, then one cannot do /foo/myprog, but 
> /lib/ld-linux.so.1 /foo/myprog
> will work.
> This prevents proper separation of executable and writable files, thus
> I consider this as a security hole.
> Any comments to this?

/lib/ld-linux.so.1 is not magic.  It is not setuid or privileged in any
other way in a normal Linux operation.  This should provide a hint as to the
type of 'security' which would be provided by changing its permissions.

'chmod o-x /bin/rm' doesn't prevent anyone from unlinking files.

 - mdz

Reply to: