Subject: Re: chroot jail for ftpd
To: None <firstname.lastname@example.org>
From: Darren Reed <email@example.com>
Date: 10/19/2001 08:56:15
can we decide whether this belongs on tech-kern or tech-security, please ?
In some email I received from Thor Lancelot Simon, sie wrote:
> On Thu, Oct 18, 2001 at 03:41:57PM -0700, Jonathan Stone wrote:
> > >Yes, highly verbotten. There is another way to accomplish this. I'll
> > >take a look, but I would suggest making THAT check dependent on a sysctl
> > >variable that defaults to "off".
> > I already suggested the sysctl. Problem is, this check doesnt
> > acutally close the loophole Thor is worried about, unless you also
> > (at a minimum) prohibit anyone from setting x bits on files on a
> > filesystem mounted writable-but-noexec.
> I have two separate concerns:
> 1) Code from shared libraries can be mapped PROT_EXEC, and thus directly
> executed, though the files do not actually have execute permission.
> 2) We don't even *check* to see if files have execute permission before
> executing code that came from them via mmap -- for example, shared
> The sum total of these bugs is the security hole I'm complaining about:
> shared libraries can be used to subvert a carefully-constructed secure
> system where there are no writable filesystems on which any file will be
> treated by the kernel as if it has execute permission. I still think
> they are both bugs independently.
> Thor Lancelot Simon firstname.lastname@example.org
> And now he couldn't remember when this passion had flown, leaving him so
> foolish and bewildered and astray: can any man?
> William Styron