Subject: Re: chroot jail for ftpd
To: Jonathan Stone <jonathan@DSG.Stanford.EDU>
From: Thor Lancelot Simon <>
List: tech-kern
Date: 10/18/2001 19:38:36
On Thu, Oct 18, 2001 at 04:02:48PM -0700, Jonathan Stone wrote:
> >2) We don't even *check* to see if files have execute permission before
> > executing code that came from them via mmap -- for example, shared
> > libraries.  
> And here we need to check noexec, not for x bits.  If I can write a
> trojan .so file into a writable filesystem, I can set the x bit on
> that trojan .so file, too.

So what?  I suggest that the treatment should be exactly the same as for
executable files: the x bit should not be honored if noexec is set, and
if the x bit is not present or not honored, the code should not be executed.

Thor Lancelot Simon	                            
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron
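
The rule proposed in the message, written as a userspace sketch. This is an added example, not code from the thread or from the NetBSD kernel. `exec_mapping_allowed` and `checked_mmap` are hypothetical names, and testing for "any x bit" is a simplification: a kernel would check execute permission against the caller's credentials.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* glibc exposes ST_NOEXEC only with this */
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8            /* assumption: Linux value, used if the header hides it */
#endif

/* Policy from the message: an x bit is honored only when the filesystem is
 * not mounted noexec; without an honored x bit, the code is not executed.
 * Simplification: any x bit counts, with no per-user credential check. */
static int exec_mapping_allowed(mode_t mode, int fs_noexec)
{
    int has_x = (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
    return has_x && !fs_noexec;
}

/* Hypothetical wrapper: mmap() that applies the policy to PROT_EXEC requests. */
static void *checked_mmap(size_t len, int prot, int flags, int fd, off_t off)
{
    if (prot & PROT_EXEC) {
        struct stat st;
        struct statvfs vfs;
        if (fstat(fd, &st) != 0 || fstatvfs(fd, &vfs) != 0 ||
            !S_ISREG(st.st_mode) ||
            !exec_mapping_allowed(st.st_mode, (vfs.f_flag & ST_NOEXEC) != 0)) {
            errno = EACCES;    /* refuse before the mapping is created */
            return MAP_FAILED;
        }
    }
    return mmap(NULL, len, prot, flags, fd, off);
}
int main(void)
{
    char path[] = "/tmp/xcheckXXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);              /* mkstemp creates it 0600: no x bit */
    if (fd < 0 || write(fd, "x", 1) != 1) return 1;
    unlink(path);
    void *p = checked_mmap(1, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    printf("0600 file: %s\n", p == MAP_FAILED ? "exec mapping refused" : "mapped");
    close(fd);
    return 0;
}
```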