Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps

From: Alan Cox
Date: Sun Sep 24 2006 - 09:30:08 EST


Ar Sul, 2006-09-24 am 10:55 +0400, ysgrifennodd Stas Sergeev:
> Before, people could use it and hope the binaries
> won't get executed (and if it was possible to execute
> them by invoking ld.so directly, then ld.so could have
> been fixed). Now the only possibility is to not use the
> "noexec" at all.
> So does that add to security or substract?..

If you want a tmpfs with noexec and a shared memory space with exec why
don't you just sort out mounting two different tmpfs instances ?

Alan

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/