Re: [PATCH] fexecve

To: Eric Haszlakiewicz <erh%nimenees.com@localhost>
Subject: Re: [PATCH] fexecve
From: Thor Lancelot Simon <tls%panix.com@localhost>
Date: Fri, 16 Nov 2012 12:50:28 -0500

On Fri, Nov 16, 2012 at 11:31:20AM -0600, Eric Haszlakiewicz wrote:
> On Thu, Nov 15, 2012 at 07:39:03PM -0500, Thor Lancelot Simon wrote:
> > On Thu, Nov 15, 2012 at 05:18:04PM -0600, Eric Haszlakiewicz wrote:
> > > 
> > > Well setuid executables seem like a special case, but other than that, I
> > > think I can probably manage to execute something without an exec call.
> > > In fact I know I can, just by linking against any dynamic library and
> > > calling one of the functions in it.
> > 
> > You can't load a dynamic library that's on a filesystem mounted noexec.
> 
> er... so the dynamic linker looks like it tries to mmap the file with execute
> permissions, and that fails, but what's to prevent me from just reading the 
> file into memory and jumping to that address?  I feel like I'm missing 
> something here...

If it's not mapped MAP_EXEC, you can't jump there.  If you can, you either
have a hardware limitation that makes W^X impossible, or you have a pmap
bug.

Follow-Ups:
- Re: [PATCH] fexecve
  - From: Matt Thomas

References:
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: Julian Yon
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: Eric Haszlakiewicz
- Re: [PATCH] fexecve
  - From: Thor Lancelot Simon
- Re: [PATCH] fexecve
  - From: Eric Haszlakiewicz

Prev by Date: Re: [PATCH] fexecve
Next by Date: Re: [PATCH] fexecve
Previous by Thread: Re: [PATCH] fexecve
Next by Thread: Re: [PATCH] fexecve
Indexes:

Home | Main Index | Thread Index | Old Index