Re: Security question: "Text file busy" overwriting executables but not shared libraries?

From: Alexander Viro (
Date: Wed Oct 03 2001 - 02:07:56 EST

On Tue, 2 Oct 2001, Rob Landley wrote:

> Anybody want to venture an opinion why overwriting executable files that are
> currently in use gives you a "text file busy" error, but overwriting shared
> libraries that are in use apparently works just fine (modulo a core dump if
> you aren't subtle about your run-time patching)?
> Permissions are still enforced, but it seems to me somebody who cracks root
> on a system could potentially modify the behavior of important system daemons
> without changing their process ID numbers.
> Did I miss something somewhere?

Somebody who cracks root can attach gdb to a daemon, modify the contents of
its text segment and detach. No need to change any files...

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:26 EST