Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps

[Stas Sergeev]

Hello.

Ulrich Drepper wrote:
> You keep repeating the same nonsense over and over again, lot listening
> to anybody who doesn't agree with your position.
My position is simple: the ld.so problem needs a better
solution than the current one. The current one, for example,
still allows to use ld.so directly to execute the files for
which you do not have an exec permission. And that's not an
only problem...

> If you don't want to have the noexec semantics on a filesystem, remove
> it.
And allow an attacker to store his files on that partition,
and then execute them.

> Not using the strict (mmap + protect) makes the whole thing
There is no "mmap + mprotect" here - only mmap was changed.

> completely meaningless since ld.so can be invoked directly.
I have already proposed another solution for ld.so problem
3 times. That fact doesn't make it a good solution of course,
but obviously you haven't had a look.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/