
Re: Executable /lib/ld-linux.so breaks noexec



On Tue, May 20, 2003 at 05:45:21PM +0200, Martin Pitt wrote:

> Is there any particular reason to have /lib/ld-linux.so.* executable?
> If it is used only as a proper library, it need not be executable.
> 
> The problem is that this breaks the "noexec" mount option. If /foo is
> mounted noexec, then one cannot do /foo/myprog, but 
> 
> /lib/ld-linux.so.1 /foo/myprog
> 
> will work.
> 
> This prevents proper separation of executable and writable files, thus
> I consider this as a security hole.
> 
> Any comments to this?

/lib/ld-linux.so.1 is not magic.  It is not setuid or privileged in any
other way in a normal Linux operation.  This should provide a hint as to the
type of 'security' which would be provided by changing its permissions.

'chmod o-x /bin/rm' doesn't prevent anyone from unlinking files.

-- 
 - mdz
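
The invocation quoted above, seen from the monitoring side. This is an added example, not part of the original message: a Python sketch that flags recorded command lines where the dynamic loader is run directly on a program stored on a noexec mount. The mount table, the argv samples, the function names and the loader-name pattern are all constructed assumptions.

```python
import posixpath
import re

# Constructed /proc/mounts-style sample (not from the original thread).
SAMPLE_MOUNTS = ("/dev/sda1 / ext3 rw 0 0\n"
                 "/dev/sda2 /foo ext3 rw,noexec,nosuid 0 0\n"
                 "tmpfs /tmp tmpfs rw,noexec 0 0\n")
# Constructed argv lists, as an exec-auditing source might record them.
SAMPLE_EXECS = [
    ["/foo/myprog"],
    ["/lib/ld-linux.so.1", "/foo/myprog"],
    ["/lib/ld-linux.so.1", "--library-path", "/lib", "/tmp/x"],
    ["/lib/ld-linux.so.1", "/bin/ls"],
    ["/bin/ls", "/foo"],
]
# Assumption: heuristic for loader file names (ld-linux.so.1, ld.so.1, ...).
LOADER_RE = re.compile(r"^ld(-[\w.-]+)?\.so(\.\d+)*$")
# glibc loader options that consume the following argument.
VALUE_OPTS = {"--library-path", "--inhibit-rpath", "--audit", "--preload"}

def parse_mounts(text):
    """Map each mount point to True if it carries the noexec option."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = "noexec" in fields[3].split(",")
    return mounts

def on_noexec(path, mounts):
    """True if the longest mount point containing path is noexec."""
    path = posixpath.normpath(path)
    hits = [m for m in mounts
            if path == m or path.startswith(m.rstrip("/") + "/")]
    return bool(hits) and mounts[max(hits, key=len)]

def loader_target(argv):
    """Program a direct loader invocation would run, else None."""
    if not argv or not LOADER_RE.match(posixpath.basename(argv[0])):
        return None
    args = iter(argv[1:])
    for arg in args:
        if arg in VALUE_OPTS:
            next(args, None)  # skip the option's value
        elif not arg.startswith("--"):
            return arg
    return None

def flag_bypasses(execs, mounts):
    """Loader invocations whose target program sits on a noexec mount."""
    return [a for a in execs if on_noexec(loader_target(a) or "", mounts)]
```

Relative target paths are not resolved here, since the sample records carry no working directory; a real audit source would need to supply it.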


