[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Executable /lib/ld-linux.so breaks noexec



Colin Watson wrote:
> On Tue, May 20, 2003 at 05:15:22PM +0100, Matthew Garrett wrote:
> > Martin Pitt wrote:
> > >Is there any particular reason to have /lib/ld-linux.so.* exxecutable?
> > >If it is used only as a proper library, it need not be executable.
> > 
> > mjg59@asparagine:~/priv$ sudo chmod a-x /lib/ld-linux.so.2
> > Password:
> > mjg59@asparagine:~/priv$ ls
> > bash: /bin/ls: Permission denied
> > mjg59@asparagine:~/priv$ sudo chmod a+x /lib/ld-linux.so.2
> > bash: /usr/bin/sudo: Permission denied
> > 
> > Irritated now.
> 
> Indeed; /lib/ld-linux.so.2 is in the PT_INTERP field of the ELF header.
> load_elf_binary() in fs/binfmt_elf.c uses open_exec() to open it, which
> (fs/exec.c) contains this code:
> 
>                         int err = permission(inode, MAY_EXEC);
>                         if (!err && !(inode->i_mode & 0111))
>                                 err = -EACCES;

That behavior always struck me as fairly evil -- it's never fun when one
single bit flip can take down a system, and I'd like to see the number
of bits that can do so be as small as possible. Now that you point out
the actual code I wish we could do away with that check. Does it really
buy anything for elf executables?

-- 
see shy jo

Attachment: pgp0r9ued_rhk.pgp
Description: PGP signature


Reply to: