Subject: Re: chroot jail for ftpd
To: Perry E. Metzger <perry@wasabisystems.com>
From: Jonathan Stone <jonathan@DSG.Stanford.EDU>
List: tech-security
Date: 10/17/2001 19:33:20

In message <87snchlmre.fsf@snark.piermont.com> "Perry E. Metzger" writes:
>So we tell people with giant large letters to chmod +x /usr/lib/lib*so.*
>and be done with it. Better than leaving this go forever.

We can do that for /usr/lib/lib*.so* when we build sets or do from-source upgrades.
Then there's /usr/X11R6/lib, and /usr/pkg/lib, and anything needed
under emulation mode, and any other third-party binaries....

Would checking for +x for shared libs at per-mounted-filesystem
granularity (either interpreting noexec to mean "don't allow executable
mappings either", or via a new mount option) address Thor's specific
issue? As an alternative transitional path?

Then again, I got bitten enough by code which did
read-but-not-executable mappings sufficiently often that I have little
faith in apps which open shared libs (via dl_*) actually doing the
right thing. The only platform I'd have confidence in apps correctly
right thing. The only platform I'd have confidence in apps correctly
requesting PROT_EXEC is on Pyramids, or other hardware where the MMU
distinguished data-fetches from I-fetches, and honoured PROT_EXEC
accordingly.
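
Added example, not part of the original message or of any NetBSD code: a small C audit tool an administrator could run over /usr/lib, /usr/X11R6/lib or /usr/pkg/lib before such a policy is switched on, listing the shared libraries that would be refused. The policy in `classify` (an executable mapping needs a non-noexec mount plus at least one x bit) is an assumption modelled on the proposal above, and the names `is_shared_lib`, `classify` and `audit_dir` are hypothetical.

```c
#define _GNU_SOURCE   /* glibc exposes ST_NOEXEC only with this */
#include <dirent.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/statvfs.h>
enum lib_status { LIB_OK, LIB_NO_XBIT, LIB_NOEXEC_FS };

/* Matches lib*.so and lib*.so.N..., the names the thread's glob is after. */
int is_shared_lib(const char *name)
{
    const char *p = name;
    if (strncmp(name, "lib", 3) != 0) return 0;
    for (; (p = strstr(p, ".so")) != NULL; p += 3)
        if (p[3] == '\0' || p[3] == '.') return 1;
    return 0;
}

/* Assumed policy: exec mapping needs a non-noexec mount and an x bit. */
enum lib_status classify(mode_t mode, int fs_noexec)
{
    if (fs_noexec) return LIB_NOEXEC_FS;
    return (mode & (S_IXUSR | S_IXGRP | S_IXOTH)) ? LIB_OK : LIB_NO_XBIT;
}

/* Prints libraries in dir the policy would refuse; returns count, -1 on error. */
int audit_dir(const char *dir)
{
    struct stat st; struct dirent *de; char path[4096];
    int noexec = 0, bad = 0;
    DIR *d = opendir(dir);
    if (d == NULL) return -1;
#ifdef ST_NOEXEC
    struct statvfs vfs;   /* mount flags of the directory's filesystem */
    if (statvfs(dir, &vfs) == 0) noexec = (vfs.f_flag & ST_NOEXEC) != 0;
#endif
    while ((de = readdir(d)) != NULL) {
        snprintf(path, sizeof path, "%s/%s", dir, de->d_name);
        if (!is_shared_lib(de->d_name) || stat(path, &st) != 0) continue;
        if (classify(st.st_mode, noexec) != LIB_OK) { printf("%s\n", path); bad++; }
    }
    closedir(d);
    return bad;
}

int main(int argc, char **argv)
{
    return argc > 1 ? audit_dir(argv[1]) != 0 : 2;
}
```

The tool checks file modes and mount flags only; it cannot tell whether a program that maps a library asks for PROT_EXEC, which is the concern raised in the last paragraph of the message.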