[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Executable /lib/ld-linux.so breaks noexec



Hi,

On Tue, May 20, 2003 at 05:45:21PM +0200, Martin Pitt wrote:

> Hi!
> 
> Is there any particular reason to have /lib/ld-linux.so.* exxecutable?
> If it is used only as a proper library, it need not be executable.
> 
> The problem is that this breaks the "noexec" mount option. If /foo is
> mounted noexec, then one cannot do /foo/myprog, but 
> 
> /lib/ld-linux.so.1 /foo/myprog
> 
> will work.
> 
> This prevents proper separation of executable and writable files, thus
> I consider this as a security hole.
> 
> Any comments to this?

It's not possible if you don't give read permissions on /foo/myprog to
users who are not allowed to execute it.

If /foo/myprog is a shell script or executable by another interpreter
that the user is allowed to run, then you've still got your hole. In
short, I think you're trying to place a barrier at a very non-strategic,
if not indefensible place.

Also, keep in mind that it will prevent anything if that person was
prevented from running anything he put on the system himself in the
first place.

All that is hard to do, and not really necessary if you use the standard
Unix permission system sensibly. 

In general, you should not give access to sensitive files to "other" and
then to try and prevent "other" from using any sort of command such as
/foo/myprog that will give access to those files; you're making it
unnecesarily hard for yourself, and you'll almost inevitably leave one
or more access methods open. There are just too many ways to do it.

Running a non-setuid program as non-root should never be dangerous in
the first place, except to the files of the user running it. If it is,
you're already in great danger and should fix your security problem.

I'm not saying userland security is never needed or useful, but still:
never use userland security as a substitute for properly set up
filesystem permissions.

Cheers,


Emile.

-- 
E-Advies - Emile van Bergen           emile@e-advies.nl      
tel. +31 (0)70 3906153           http://www.e-advies.nl    

Attachment: pgp4tqqRu7G5G.pgp
Description: PGP signature


Reply to: