Re: [patch] honour MNT_NOEXEC for access()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Stas Sergeev wrote:
Even though the access(X_OK) is mostly not needed
as the execve() would fail anyway, this is not the
case for ld.so. I think it would be a good idea for
ld.so to start using the access(R_OK | X_OK) before
open().

Not really. If you want to do something along those lines it would be better to add a new open flag called something like O_RDEXONLY which would require r-x effective file permissions, and allow PROT_READ|PROT_EXEC mmaps (though for that to be really useful, you'd need to make an O_RDONLY fd not allow PROT_EXEC mmaps, which would break a few things).

access() is just plain racy, and can't be used safely for any kind of permission/security check.

   J
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [email protected]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

[Index of Archives]     [Kernel Newbies]     [Netfilter]     [Bugtraq]     [Photo]     [Stuff]     [Gimp]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Video 4 Linux]     [Linux for the blind]     [Linux Resources]
  Powered by Linux