Re: Security question: "Text file busy" overwriting executables but not shared libraries?

From: Jesse Pollard (
Date: Wed Oct 03 2001 - 07:49:39 EST

Alexander Viro <>:
> On Tue, 2 Oct 2001, Rob Landley wrote:
> > Anybody want to venture an opinion why overwriting executable files that are
> > currently in use gives you a "text file busy" error, but overwriting shared
> > libraries that are in use apparently works just fine (modulo a core dump if
> > you aren't subtle about your run-time patching)?
> >
> > Permissions are still enforced, but it seems to me somebody who cracks root
> > on a system could potentially modify the behavior of important system daemons
> > without changing their process ID numbers.
> >
> > Did I miss something somewhere?
> Somebody who cracks root can attach gdb to a daemon, modify the contents of
> its text segment and detach. No need to change any files...

True, but the original problem still appears to be a bug.

Even the owner of the file should not be able to write to a busy executable,
whether it is a shared library, or an executable image. Remove it, yes.
Create a new one (in a different inode) - yes.

But not modify a busy executable.

Jesse I Pollard, II

Any opinions expressed are solely my own.
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to
More majordomo info at
Please read the FAQ at

This archive was generated by hypermail 2b29 : Sun Oct 07 2001 - 21:00:26 EST