Re: noexec-flag does not work in Linux 2.4.10-pre10

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Padraig Brady <padraig@antefacto.com>
To: Alexander Viro <viro@math.psu.edu>
Cc: linux-kernel@vger.kernel.org
Subject: Re: noexec-flag does not work in Linux 2.4.10-pre10
Date: Fri, 21 Sep 2001 11:51:33 +0100	[thread overview]
Message-ID: <3BAB1BB5.6030800@antefacto.com> (raw)
In-Reply-To: <Pine.GSO.4.21.0109201932220.5631-100000@weyl.math.psu.edu>

Alexander Viro wrote:

>
>On Fri, 21 Sep 2001, Peter Bornemann wrote:
>
>>This is no problem for me but an inconvenience. If You see all
>>the x-flags You believe in the executability (is that right?), moreover,
>>as on my system executables are displayed in red colour, I feel my eyes
>>are deceived to some extent.
>>
>
>Then you've never used noexec on normal filesystems (after all, _that_
>is the intended use - prohibit execution of binaries from potentially
>unsafe place, and in that case you are interested in all mode bits, so
>you want them to be reported).
>

I wondered what you gain by noexec actually as there is always a way to
execute code you can read. For e.g. if you want to execute a binary from
/mnt/unsafe you can do (RH7.1):  /lib/ld-linux.so.2 /mnt/unsafe/hack.bin ?

>  Try to remount some normal fs noexec
>(_not_ one that contains mount(8), or you'll have really big trouble
>on hands).  Then look at it - exec bits are still there and they
>are still reported.
>
>>But, as umask=111 works, I will switch to that.
>>
>>Thanks a lot!
>>
>>Peter B
>>

next prev parent reply	other threads:[~2001-09-21 10:56 UTC|newest]

Thread overview: 6+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-09-20 18:05 noexec-flag does not work in Linux 2.4.10-pre10 Peter Bornemann
2001-09-20 21:17 ` Andreas Dilger
2001-09-20 23:24   ` Peter Bornemann
2001-09-20 23:39     ` Alexander Viro
2001-09-21 10:51       ` Padraig Brady [this message]
2001-09-20 21:17 ` Alexander Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=3BAB1BB5.6030800@antefacto.com \
    --to=padraig@antefacto.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=viro@math.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.