On Fri, Feb 04, 2005 at 10:37:03PM +0100, Goswin von Brederlow wrote: > Henrique de Moraes Holschuh <hmh@debian.org> writes: > > > On Fri, 04 Feb 2005, Goswin von Brederlow wrote: > >> The way to circumvent a noexec is to call the dynamic linker like I > >> did for libc: > >> > >> /lib64/ld-linux-x86-64.so.2 <any file> > > > > Is it? In sid, ia32: > > /lib/ld-linux.so.2 ./test > > ./test: error while loading shared libraries: ./test: failed to map segment > > from shared object: Operation not permitted > > > > This is a noexec partition. > > > > /lib/ld-linux.so.2 /bin/ls > > test test.c test.sh > > > > This is an exec partition. > > > > > > The hole is/has being/been closed. > > It still lets you execute files that don't have the executable flag > set like libc. It's a different bug but it's still there. Is that a bug? I can run -x perl scripts with perl <scriptname> so why not -x ELF scripts with /lib/ld-linux.so.2 <ELFname> What stops me taking a copy of the binary, making it +x and running that anyway? So I don't see any security concern... -- ----------------------------------------------------------- Paul "TBBle" Hampson, MCSE 8th year CompSci/Asian Studies student, ANU The Boss, Bubblesworth Pty Ltd (ABN: 51 095 284 361) Paul.Hampson@Anu.edu.au "No survivors? Then where do the stories come from I wonder?" -- Capt. Jack Sparrow, "Pirates of the Caribbean" This email is licensed to the recipient for non-commercial use, duplication and distribution. -----------------------------------------------------------
Attachment:
signature.asc
Description: Digital signature