Subject: Re: a.out dynamic libraries
To: der Mouse <mouse@rodents.montreal.qc.ca>
From: Bill Sommerfeld <sommerfeld@orchard.arlington.ma.us>
List: tech-toolchain
Date: 05/25/1998 10:08:18

> The major disadvantage, I think, is that it means that any file you can
> read you can ETXTBUSY out by mmapping it with this bit set.  On most
> systems that includes interesting things like logfiles - which could be
> very useful to an attacker.

What if you:
	a) mark shared libraries with execute permission..
	b) don't give execute permission on system logfiles.. ( :-) )
	c) set VTEXT on executable files mapped with PROT_EXEC protections.

This does require a "chmod +x /usr/lib/lib*.so.*.*" for the protection
to take effect..

							- Bill