Subject: Re: mmap(), security and /dev/zero
To: Curt Sampson <firstname.lastname@example.org>
From: Daniel Carosone <email@example.com>
Date: 06/24/2004 10:57:36
Content-Type: text/plain; charset=us-ascii
On Thu, Jun 24, 2004 at 09:51:46AM +0900, Curt Sampson wrote:
> Doesn't the noexec flag allow you to do this already?
No, it needs this change to work. Otherwise, potentially, a program
executed from a r/o filesystem might be somehow tricked into loading
shlibs from a writable path.
If the shlib needed x bits in order to be executed, and the filesystem
it was on was noexec, then the potential hole is closed.
Count me amongst the group that like this change, btw.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (NetBSD)
-----END PGP SIGNATURE-----