public inbox for linux-kernel@vger.kernel.org
 help / color / mirror / Atom feed
From: ebiederm@xmission.com (Eric W. Biederman)
To: Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil>
Cc: viro@math.psu.edu, Rob Landley <landley@trommello.org>,
	linux-kernel@vger.kernel.org
Subject: Re: Security question: "Text file busy" overwriting executables but not shared libraries?
Date: 03 Oct 2001 12:06:21 -0600	[thread overview]
Message-ID: <m1r8sk1tuq.fsf@frodo.biederman.org> (raw)
In-Reply-To: <200110031249.HAA50103@tomcat.admin.navo.hpc.mil>
In-Reply-To: <200110031249.HAA50103@tomcat.admin.navo.hpc.mil>

Jesse Pollard <pollard@tomcat.admin.navo.hpc.mil> writes:

> Alexander Viro <viro@math.psu.edu>:
> > On Tue, 2 Oct 2001, Rob Landley wrote:
> > 
> > > Anybody want to venture an opinion why overwriting executable files that are
> 
> > > currently in use gives you a "text file busy" error, but overwriting shared
> 
> > > libraries that are in use apparently works just fine (modulo a core dump if
> 
> > > you aren't subtle about your run-time patching)?
> > > 
> > > Permissions are still enforced, but it seems to me somebody who cracks root
> 
> > > on a system could potentially modify the behavior of important system
> daemons
> 
> > > without changing their process ID numbers.
> > > 
> > > Did I miss something somewhere?
> > 
> > Somebody who cracks root can attach gdb to a daemon, modify the contents of
> > its text segment and detach.  No need to change any files...
> 
> True, but the original problem still appears to be a bug.
> 
> Even the owner of the file should not be able to write to a busy executable,
> whether it is a shared library, or an executable image. Remove it, yes.
> Create a new one (in a different inode) -  yes.
> 
> But not modify a busy executable.

Have ld-linux.so set the MAP_DENYWRITE bit when it is mapping
the library.

Eric

  reply	other threads:[~2001-10-03 18:16 UTC|newest]

Thread overview: 76+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2001-10-03 12:49 Security question: "Text file busy" overwriting executables but not shared libraries? Jesse Pollard
2001-10-03 18:06 ` Eric W. Biederman [this message]
2001-10-03 23:20   ` Rob Landley
2001-10-04  3:38     ` Eric W. Biederman
2001-10-04  4:19       ` Alexander Viro
2001-10-04  6:15         ` Eric W. Biederman
2001-10-04  8:21           ` CaT
2001-10-04  8:35             ` john slee
2001-10-04  8:45               ` CaT
2001-10-04 13:11             ` Eric W. Biederman
2001-10-04 14:24               ` Kernel size Richard B. Johnson
2001-10-13 20:35                 ` Aaron Lehmann
2001-10-04  8:30           ` Security question: "Text file busy" overwriting executables but not shared libraries? Ville Herva
2001-10-04  9:46             ` Erik Andersen
2001-10-04 19:50               ` Security question: "Text file busy" overwriting executables but no Kai Henningsen
2001-10-04  8:53           ` Security question: "Text file busy" overwriting executables but not shared libraries? Andreas Schwab
2001-10-04 13:23             ` Eric W. Biederman
2001-10-04  9:12           ` Bloatware (was Re: Security question: "Text file busy"...) VDA
2001-10-04  5:38     ` Security question: "Text file busy" overwriting executables but not shared libraries? Linus Torvalds
2001-10-04  5:44       ` Alexander Viro
2001-10-04  5:49         ` Linus Torvalds
2001-10-04 15:01           ` Eric W. Biederman
2001-10-04 15:49             ` Linus Torvalds
2001-10-04 16:02               ` Richard Gooch
2001-10-04 16:20                 ` Andreas Schwab
2001-10-04 17:19                   ` Richard Gooch
2001-10-04 16:11               ` Alexander Viro
2001-10-04 19:28                 ` Security question: "Text file busy" overwriting executables but no Kai Henningsen
2001-10-04 17:25               ` Security question: "Text file busy" overwriting executables but not shared libraries? Eric W. Biederman
2001-10-13 14:53                 ` Jamie Lokier
2001-10-13 17:13                   ` Linus Torvalds
2001-10-13 18:18                     ` Rik van Riel
2001-10-13 18:40                     ` Pablo Alcaraz
2001-10-13 19:05                       ` Jamie Lokier
2001-10-13 18:54                     ` Jamie Lokier
2001-10-13 19:23                       ` Linus Torvalds
2001-10-13 19:46                         ` Jamie Lokier
2001-10-13 21:43                           ` Aaron Lehmann
2001-10-13 22:27                             ` Eric W. Biederman
2001-10-13 22:50                               ` Aaron Lehmann
2001-10-15 11:24                                 ` Jamie Lokier
2001-10-13 22:19                           ` Linus Torvalds
2001-10-14  6:49                             ` Eric W. Biederman
2001-10-14  8:17                               ` Xavier Bestel
2001-10-14 15:40                               ` Linus Torvalds
2001-10-14 18:49                                 ` Eric W. Biederman
2001-10-15 11:43                             ` Jamie Lokier
2001-10-13 22:41                           ` Richard Gooch
2001-10-15 11:35                             ` Jamie Lokier
2001-10-15 11:51                               ` Alexander Viro
2001-10-15 12:29                                 ` Jamie Lokier
2001-10-13 22:27                         ` Linus Torvalds
2001-10-14 12:57                     ` Security question: "Text file busy" overwriting executables but no Kai Henningsen
2001-10-14 21:43                     ` Security question: "Text file busy" overwriting executables but not shared libraries? Mark H. Wood
2001-10-04  5:53         ` Richard Gooch
2001-10-04 20:39         ` Security question: "Text file busy" overwriting executables but Alan Cox
2001-10-05 16:30           ` Eric W. Biederman
2001-10-05 16:58             ` Linus Torvalds
2001-10-05 17:35               ` Horst von Brand
2001-10-05 17:44                 ` Linus Torvalds
2001-10-05 18:51                   ` Oliver Xymoron
2001-10-06 19:05                     ` Eric W. Biederman
2001-10-14  8:02               ` [RFC] "Text file busy" when overwriting libraries Eric W. Biederman
2001-10-14 12:08                 ` Alan Cox
2001-10-14 20:48                   ` Eric W. Biederman
2001-10-15  1:44                     ` Alan Cox
2001-10-15  2:06                       ` Linus Torvalds
2001-10-15 10:11                         ` Eric W. Biederman
2001-10-15 11:54                           ` Alan Cox
2001-10-15 11:57                             ` Alexander Viro
2001-10-15 12:08                               ` Alan Cox
2001-10-15 12:11                                 ` Alexander Viro
2001-10-04  6:50       ` Security question: "Text file busy" overwriting executables but not shared libraries? George Greer
2001-10-04 12:54       ` John Levon
  -- strict thread matches above, loose matches on Subject: below --
2001-10-03  2:55 Rob Landley
2001-10-03  7:07 ` Alexander Viro

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=m1r8sk1tuq.fsf@frodo.biederman.org \
    --to=ebiederm@xmission.com \
    --cc=landley@trommello.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=pollard@tomcat.admin.navo.hpc.mil \
    --cc=viro@math.psu.edu \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox