Date: Sun, 24 Jan 2021 13:55:45 -0500 From: Rich Felker <dalias@...c.org> To: Alexander Monakov <amonakov@...ras.ru> Cc: musl@...ts.openwall.com, Andrew Rogers <andrew.rogerstech@...il.com> Subject: Re: Potential DL_NOMMU_SUPPORT bug. On Sun, Jan 24, 2021 at 09:48:11PM +0300, Alexander Monakov wrote: > > > sdcard [pseudo-]partition is usually mounted noexec, so mmap with PROT_EXEC > > > should fail. > > > > Uhg, that makes no sense. Does it enforce that even for MAP_PRIVATE, > > which should semantically be equivalent to just making anon memory > > with the requested permissions and copying the file contents into it?? > > I think it makes sense: isn't the entire point of 'noexec' that a user > who has write access only to noexec filesystems will not be able to run > arbitrary binary code (assuming the already-present binaries are not > cooperative, unlike musl ld.so with the above patch would be)? Enforcing > noexec for MAP_PRIVATE ensures the users can not trivially side-step > noexec by invoking ld.so (without extra checks on ld.so side). I always viewed noexec (as opposed to something like nosuid) as a non-security-boundary, a sort of soft block for mounting filesystems that you don't want to execute programs from, for example a disk image known to contain malware that you're analyzing or a flash drive not expected to contain meaningful executable data but where all files would appear as +x due to FAT limitations. The expectation is that it can be bypassed. With a "restricted shell" type environment (very careful selection of what programs are present), it can plausibly be turned into a (very fragile) security boundary, but I didn't expect the kernel to be making weird rules to facilitate that. In any case, it seems that's how it is, and inability to dlopen (or LD_LIBRARY_PATH+DT_NEEDED or whatnot) from a noexec mount is annoying... Rich
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.