tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

Re: [PATCH] fexecve



On Thu, Nov 15, 2012 at 07:39:03PM -0500, Thor Lancelot Simon wrote:
> On Thu, Nov 15, 2012 at 05:18:04PM -0600, Eric Haszlakiewicz wrote:
> > 
> > Well setuid executables seem like a special case, but other than that, I
> > think I can probably manage to execute something without an exec call.
> > In fact I know I can, just by linking against any dynamic library and
> > calling one of the functions in it.
> 
> You can't load a dynamic library that's on a filesystem mounted noexec.

er... so the dynamic linker looks like it tries to mmap the file with execute
permissions, and that fails, but what's to prevent me from just reading the 
file into memory and jumping to that address?  I feel like I'm missing 
something here...

eric


Home | Main Index | Thread Index | Old Index