Re: Executable /lib/ld-linux.so breaks noexec
On Tue, May 20, 2003 at 05:45:21PM +0200, Martin Pitt wrote:
> Is there any particular reason to have /lib/ld-linux.so.* executable?
> If it is used only as a proper library, it need not be executable.
> The problem is that this breaks the "noexec" mount option. If /foo is
> mounted noexec, then one cannot do /foo/myprog, but
> /lib/ld-linux.so.1 /foo/myprog
> will work.
> This prevents proper separation of executable and writable files, thus
> I consider this as a security hole.
> Any comments to this?
/lib/ld-linux.so.1 is not magic. It is not setuid or privileged in any
other way in a normal Linux operation. This should provide a hint as to the
type of 'security' which would be provided by changing its permissions.
'chmod o-x /bin/rm' doesn't prevent anyone from unlinking files.
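
An added example, not part of the original thread: a Python check that flags the invocation pattern described in the quoted message (the dynamic loader run directly against a file on a noexec mount) in recorded command lines. The mount table and argv records are constructed samples, and all function names are this example's own.

```python
import posixpath
import re

# Constructed /proc/mounts-style text (not from the original thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /foo ext3 rw,noexec,nosuid 0 0
tmpfs /tmp tmpfs rw,noexec 0 0
/dev/sda3 /foobar ext3 rw 0 0
"""
# Constructed argv lists, as an execve audit trail might record them.
SAMPLE_EXECS = [
    ["/lib/ld-linux.so.1", "/foo/myprog"],
    ["/lib/ld-linux.so.2", "--library-path", "/opt/lib", "/tmp/x"],
    ["/lib/ld-linux.so.2", "/foobar/tool"],
    ["/bin/ls", "/foo"],
]
# Basenames such as ld-linux.so.1, ld-linux-x86-64.so.2, ld.so.1
LOADER_RE = re.compile(r"^ld(-[\w-]+)?\.so(\.\d+)?$")

def parse_mounts(text):
    """Map each mount point to True if it carries the noexec option."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # /proc/mounts escapes spaces and similar bytes as \ooo octal
            mp = re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), fields[1])
            mounts[mp] = "noexec" in fields[3].split(",")
    return mounts

def on_noexec(path, mounts):
    """True if the longest mount point containing path is noexec."""
    path = posixpath.normpath(path)
    covering = [mp for mp in mounts
                if path == mp or path.startswith(mp.rstrip("/") + "/")]
    return bool(covering) and mounts[max(covering, key=len)]

def loader_invocations_on_noexec(execs, mounts):
    """Return (loader, target) for loader runs naming a file on a noexec mount."""
    hits = []
    for argv in execs:
        if LOADER_RE.match(posixpath.basename(argv[0])):
            # Only absolute arguments can be judged without the process's cwd.
            hit = next((a for a in argv[1:] if a.startswith("/") and on_noexec(a, mounts)), None)
            if hit:
                hits.append((argv[0], hit))
    return hits
```

Relative paths and symlinks are not resolved here, so the records fed to it should carry absolute, canonical paths.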