[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: noexec mount option (was: Email based attack on University)

On Fri, Oct 04, 2019 at 05:52:45PM +0200, Sven Joachim wrote:
> On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
> > On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
> >> I wonder if having /home on a 'noexec' partition would stop this
> >> attack, please?
> >
> > I don't know specifically about this attack, but noexec is trivial to
> > circumvent.
> Is it?  Running scripts in shell, Perl or Python is trivial since you
> can just invoke the interpreter, but for binaries it is not so easy.

For binaries, the "interpreter" is just ld.so :-)

But as you state below, there seems to be some protection for that...

> > Here's three ways:
> >
> >    bash -c "~/whatever"
> Does not work, bash reports "Permission denied".

Interesting (I actually never tried). Noexec seems to do a tad
more than "just" ignoring the x bit. For bash, you can "fix"
that by feeding it ~/whatever through stdin (e.g. -s or something).

For a binary... I think ld.so wants to mmap it.

-- t

Attachment: signature.asc
Description: Digital signature

Reply to: