
Re: Executable /lib/ld-linux.so breaks noexec

On Wed, 21 May 2003 01:45, Martin Pitt wrote:
> Is there any particular reason to have /lib/ld-linux.so.* executable?
> If it is used only as a proper library, it need not be executable.
> The problem is that this breaks the "noexec" mount option. If /foo is
> mounted noexec, then one cannot do /foo/myprog, but
> /lib/ld-linux.so.1 /foo/myprog
> will work.

The following is the result of trying to do that under SE Linux.  Other 
LSM modules should also be able to do the same things.

root@lyta:/tmp# /lib/ld-linux.so.2 /tmp/ls
/tmp/ls: error while loading shared libraries: /tmp/ls: failed to map segment 
from shared object: Permission denied
root@lyta:/tmp# dmesg | tail -1
avc:  denied  { execute } for  pid=27439 exe=/lib/ld-2.3.1.so path=/tmp/ls 
dev=03:02 ino=162902 scontext=rjc:sysadm_r:sysadm_t 
tcontext=rjc:object_r:user_tmp_t tclass=file
root@lyta:/tmp# wc /tmp/ls
    246    1992   69356 /tmp/ls

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
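
Added example (not part of the original message): a small Python filter that picks out denials like the one shown above, where the process asking for execute access to a file is the dynamic loader itself. The loader-name pattern and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Sample log in the "avc: denied" format shown in the message above.
# Line 1 is the denial from the message, joined onto one line;
# lines 2 and 3 are constructed for this example.
SAMPLE_LOG = """\
avc:  denied  { execute } for  pid=27439 exe=/lib/ld-2.3.1.so path=/tmp/ls dev=03:02 ino=162902 scontext=rjc:sysadm_r:sysadm_t tcontext=rjc:object_r:user_tmp_t tclass=file
avc:  denied  { read } for  pid=300 exe=/bin/cat path=/etc/shadow dev=03:02 ino=77 scontext=rjc:user_r:user_t tcontext=system_u:object_r:shadow_t tclass=file
avc:  denied  { read execute } for  pid=412 exe=/lib/ld-linux.so.2 path=/home/rjc/a.out dev=03:02 ino=9001 scontext=rjc:user_r:user_t tcontext=rjc:object_r:user_home_t tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")
FIELD_RE = re.compile(r"(\w+)=(\S+)")  # key=value pairs; assumes no spaces in values
# Assumed naming of the dynamic loader: ld-2.3.1.so, ld-linux.so.2 and similar.
LOADER_RE = re.compile(r"^ld-[\w.\-]*\.so(\.\d+)?$")


def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None if not a denial."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = dict(FIELD_RE.findall(m.group(2)))
    rec["perms"] = m.group(1).split()
    return rec


def loader_exec_denials(log_text):
    """List (pid, path, tcontext) for execute denials requested by the loader."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None:
            continue
        exe_name = rec.get("exe", "").rsplit("/", 1)[-1]
        if ("execute" in rec["perms"] and rec.get("tclass") == "file"
                and LOADER_RE.match(exe_name)):
            hits.append((int(rec["pid"]), rec["path"], rec["tcontext"]))
    return hits


if __name__ == "__main__":
    for pid, path, tcontext in loader_exec_denials(SAMPLE_LOG):
        print(f"pid {pid}: loader denied execute on {path} ({tcontext})")
```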
