Subject: Re: chroot jail for ftpd
To: None <>
From: Darren Reed <>
List: tech-kern
Date: 10/19/2001 08:56:15
can we decide whether this belongs on tech-kern or tech-security, please ?

In some email I received from Thor Lancelot Simon, sie wrote:
> On Thu, Oct 18, 2001 at 03:41:57PM -0700, Jonathan Stone wrote:
> > 
> > >Yes, highly verbotten.  There is another way to accomplish this.  I'll
> > >take a look, but I would suggest making THAT check dependent on a sysctl
> > >variable that defaults to "off".
> > 
> > I already suggested the sysctl.  Problem is, this check doesnt
> > acutally close the loophole Thor is worried about, unless you also
> > (at a minimum) prohibit anyone from setting x bits on files on a
> > filesystem mounted writable-but-noexec.
> I have two separate concerns:
> 1) Code from shared libraries can be mapped PROT_EXEC, and thus directly
>    executed, though the files do not actually have execute permission.
> 2) We don't even *check* to see if files have execute permission before
>    executing code that came from them via mmap -- for example, shared
>    libraries.
> The sum total of these bugs is the security hole I'm complaining about:
> shared libraries can be used to subvert a carefully-constructed secure
> system where there are no writable filesystems on which any file will be
> treated by the kernel as if it has execute permission.  I still think
> they are both bugs independently.
> -- 
> Thor Lancelot Simon	                            
>     And now he couldn't remember when this passion had flown, leaving him so
>   foolish and bewildered and astray: can any man?
> 						   William Styron