[prev in list] [next in list] [prev in thread] [next in thread]
List: debian-security
Subject: RE: execute permissions in /tmp
From: DEFFONTAINES Vincent <Vincent.DEFFONTAINES () coe ! int>
Date: 2003-07-17 8:30:11
[Download RAW message or body]
> Looks that way. I guess I mis-interpreted the grsec docs
> (and since I don't have a kernel compiled with TPE, I didn't
> test it). It seems that it already does what I suggested it
> do: not allow mmap with PROT_EXEC under certain conditions.
> (You did make sure that this behaviour isn't the result of
> some other grsecurity option, right?)
Yes I did.
Tested it with a whole bunch of grsec options on, but not TPE.
Then with the same config, only diff is TPE option is set.
First time the /tmp/bash worked "normally", 2nd time gave the
result I pasted in my last post.
>
> Anyway, that's pretty cool. However, I don't suppose it
> stops you from running perl scripts, or anything other than
> ELF binaries, since files that don't contain machine code
> wouldn't need to be mapped with PROT_EXEC. In fact, I
> straced perl, and it uses read(2) instead of mmap(2) to load
> the code. Unless grsec is really clever, perl programs would
> still work, by running /usr/bin/perl /tmp/foo.pl, as long as
> you can read /tmp/foo.pl.
Correct. I've just tested it just in case :-)
$cat foo.pl
#!/usr/bin/perl
print "foo\n";
$/tmp/foo.pl
su: ./toto.pl: /usr/bin/perl: bad interpreter: Permission denied
$/usr/bin/perl /tmp/foo.pl
foo
Which seems pretty logical, indeed.
Vincent
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic