svn commit: r318313 - head/libexec/rtld-elf

Nikolai Lifanov lifanov at FreeBSD.org
Mon May 15 19:37:44 UTC 2017


On 05/15/2017 15:36, Alexey Dokuchaev wrote:
> On Mon, May 15, 2017 at 10:25:29PM +0300, Konstantin Belousov wrote:
>> On Mon, May 15, 2017 at 01:08:55PM -0600, Ian Lepore wrote:
>>> Well, for example, it seems like it would allow anyone to execute a
>>> binary even if the sysadmin had set it to -x specifically to prevent
>>> people from running it.
>>
>> The direct mode does not (and cannot) honor set{u,g}id modes of the
>> executable, so any binary run this way would only exercise the existing
>> power of the user who did it.
>>
>> The most advanced explanation that I was given in private was along
>> the lines: "if you have an environment where users can upload content
>> to a shared server, but have no access to chmod(2), no compilers, no
>> scripting languages, etc." The person then admitted that (s)he does not
>> consider it as an actual concern.
> 
> Would this now allow executing binaries (with or without +x bit) from
> filesystems mounted with -o noexec?
> 
> ./danfe

No:

# zfs create -o mountpoint=/mnt -o exec=off tank/TEST
# cp /bin/sh /mnt/
# /mnt/sh
/mnt/sh: Permission denied.
# /libexec/ld-elf.so.1 /mnt/sh
/mnt/sh: mmap of data failed: Permission denied

- Nikolai Lifanov
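
For the concern raised earlier in the thread (a binary left without the execute bit on purpose), one way to spot direct-mode runs in collected process command lines. This is an added example, not part of the original message or of FreeBSD; the function names, the sample lines, and the rule that leading "-" arguments are loader options are assumptions of this sketch.

```python
import os
import shlex

# Loader file name as shown in the thread. Matching on the basename is an
# assumption of this sketch, so copies in other directories are caught too.
RTLD_NAMES = {"ld-elf.so.1"}


def direct_exec_target(cmdline):
    """Return the file handed to the runtime linker in direct mode, else None."""
    try:
        argv = shlex.split(cmdline)
    except ValueError:  # unbalanced quotes in a collected line
        return None
    if not argv or os.path.basename(argv[0]) not in RTLD_NAMES:
        return None
    # Assumption: leading arguments that start with "-" are loader options.
    for arg in argv[1:]:
        if not arg.startswith("-"):
            return arg
    return None


def classify(cmdline):
    """Label one command line for review."""
    target = direct_exec_target(cmdline)
    if target is None:
        return "ignore"
    try:
        mode = os.stat(target).st_mode
    except OSError:
        return "direct-exec: target not found"
    if mode & 0o111 == 0:
        # No execute bit for anyone: the case the administrator meant to block.
        return "direct-exec: target has no execute bit"
    return "direct-exec"


if __name__ == "__main__":
    # Constructed sample lines, not real log data.
    for line in ["/libexec/ld-elf.so.1 /mnt/sh", "/bin/sh -c ls"]:
        print(classify(line), "|", line)
```
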
