On Wed, Feb 09, 2005 at 11:27:32PM -0800, Steve Langasek wrote: > On Thu, Feb 10, 2005 at 06:17:01PM +1100, Paul Hampson wrote: > > > It still lets you execute files that don't have the executable flag > > > set like libc. It's a different bug but it's still there. > > > Is that a bug? I can run -x perl scripts with perl <scriptname> so > > why not -x ELF scripts with /lib/ld-linux.so.2 <ELFname> > > > What stops me taking a copy of the binary, making it +x and running > > that anyway? So I don't see any security concern... > > Not having write access to any media that's not marked noexec? > > But I agree that the security benefits are trivial on a system where > users have access to perl. Or bash, that's enough to do it. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -><- |
Attachment:
signature.asc
Description: Digital signature