Subject: Re: a.out dynamic libraries
To: der Mouse <firstname.lastname@example.org>
From: Bill Sommerfeld <email@example.com>
Date: 05/25/1998 10:08:18

> The major disadvantage, I think, is that it means that any file you can
> read you can ETXTBUSY out by mmapping it with this bit set. On most
> systems that includes interesting things like logfiles - which could be
> very useful to an attacker.

What if you:

 a) mark shared libraries with execute permission..
 b) don't give execute permission on system logfiles.. ( :-) )
 c) set VTEXT on executable files mapped with PROT_EXEC protections.

This does require a "chmod +x /usr/lib/lib*.so.*.*" for the protection
to take effect..