Re: Require mmap handler for a.out executables

From: Bodo Eggert
Date: Thu Jul 27 2006 - 13:48:55 EST

Marcel Holtmann <marcel@xxxxxxxxxxxx> wrote:

> with the nasty /proc privilege escalation (CVE-2006-3626) it became
> clear that we need to do something more to better protect us against
> people exploiting stuff in /proc. Besides the don't allow chmod stuff,
> Eugene also proposed to depend the a.out execution on the existence of
> the mmap handler. Since we are doing the same for ELF, this makes
> totally sense to me.

Can shell scripts or binfmt_misc be exploited, too? Even if not, I'd
additionally force noexec, nosuid on proc and sysfs mounts.
I thank GMX for sabotaging the use of my addresses by means of lies
spread via SPF.
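
The noexec/nosuid suggestion in the message above, as an added example that is not part of the original post or of the kernel: a Python check that reads a mounts table in /proc/mounts format and reports proc and sysfs mounts lacking either option. The sample table, the function names and the fallback to the sample are assumptions made for illustration.

```python
import shlex

REQUIRED = {"noexec", "nosuid"}   # options the message proposes to force
PSEUDO_FS = {"proc", "sysfs"}     # filesystem types the message names

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE_MOUNTS = """\
proc /proc proc rw,relatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,relatime 0 0
/dev/sda1 / ext3 rw,errors=remount-ro 0 0
proc /srv/chroot/proc proc rw,nosuid,relatime 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as octal escapes.
    for esc, ch in (("\\040", " "), ("\\011", "\t"), ("\\012", "\n"), ("\\134", "\\")):
        field = field.replace(esc, ch)
    return field

def audit_mounts(text):
    """Return (mountpoint, fstype, missing options) for each weak proc/sysfs mount."""
    findings = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[2] not in PSEUDO_FS:
            continue  # malformed line or a filesystem type we do not audit
        missing = REQUIRED - set(parts[3].split(","))
        if missing:
            findings.append((unescape(parts[1]), parts[2], sorted(missing)))
    return findings

def remount_command(mountpoint, missing):
    # Remount in place, adding only the options that were found missing.
    return "mount -o remount," + ",".join(missing) + " " + shlex.quote(mountpoint)

if __name__ == "__main__":
    try:
        with open("/proc/mounts") as fh:
            text = fh.read()
    except OSError:
        text = SAMPLE_MOUNTS  # fall back to the constructed sample
    for mp, fstype, missing in audit_mounts(text):
        print(f"{fstype} on {mp} lacks {','.join(missing)}: {remount_command(mp, missing)}")
```

Chroot and container setups often carry extra proc mounts, which is why the check walks every entry instead of looking only at /proc and /sys.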