Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps

From: David Wagner
Date: Wed Oct 04 2006 - 17:32:14 EST

Next message: Tim Chen: "Re: [PATCH] Fix WARN_ON / WARN_ON_ONCE regression"
Previous message: Frederik Deweerdt: "Re: [RFC PATCH] add pci_{request,free}_irq take #3"
In reply to: Stas Sergeev: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Next in thread: David Wagner: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Stas Sergeev wrote:
>The primary goal is to make access() to respect the "noexec".

Unfortunately, access() is insecure by design -- it is inherently
susceptible to race conditions (TOCTTOU attacks). Therefore, I don't
think it is useful for enforcing security restrictions (such as
enforcing noexec in ld.so).
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Tim Chen: "Re: [PATCH] Fix WARN_ON / WARN_ON_ONCE regression"
Previous message: Frederik Deweerdt: "Re: [RFC PATCH] add pci_{request,free}_irq take #3"
In reply to: Stas Sergeev: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Next in thread: David Wagner: "Re: [patch] remove MNT_NOEXEC check for PROT_EXEC mmaps"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]