Subject: noexec + shared libraries
To: None <>
From: Andrew Brown <>
List: tech-security
Date: 04/19/2000 14:46:15
  by with SMTP; 19 Apr 2000 18:46:16 -0000
	by (8.10.1/8.10.1/bonk!) id e3JIkFI17921
	for; Wed, 19 Apr 2000 14:46:15 -0400 (EDT)
Date: Wed, 19 Apr 2000 14:46:15 -0400
From: Andrew Brown <>
Subject: noexec + shared libraries
Message-ID: <>
Reply-To: Andrew Brown <>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii

i don't know off the top of my head but i'd be willing to guess that:

 * allowing shared libraries to be used (used as executable text) from
   a file system mounted noexec is a bad thing

 * netbsd (and probably all other unixes) don't specifically disallow

two cases come to mind:

 * the run-time linker obeys a user's LD_LIBRARY_PATH and mistakenly
   links in a library on a volume nfs mounted from a foreign
   architecture resulting in a program crash (hopefully).

 * the user gets a hacked copy of a shared libc for the right
   architecture, can only put it in his home directory (can't write
   anywhere else since bofh enforces strict quotas) that is on a
   volume mounted noexec (bofh doesn't trust his users either), and
   cons the run-time linker into using it instead of the system libc,
   thereby circumventing any "illusions" the bofh had at users not
   being able to do something.

i guess it would be theoretically possible (although i've not tried
this) to put a c compiler (or anything else for that matter, eg ftp or
telnet) in a share library (ala libperl) and run it via the run-time
linker and some "trusted" program.z

|-----< "CODE WARRIOR" >-----|             * "ah!  i see you have the internet (Andrew Brown)                that goes *ping*!"       * "information is power -- share the wealth."