Re: Security question: "Text file busy" overwriting executables but not shared libraries?

Linus Torvalds (torvalds@transmeta.com)
Thu, 4 Oct 2001 05:38:12 +0000 (UTC)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Andrew Ip: "Re: [POT] Which journalised filesystem uses Linus Torvalds ?"
Previous message: Neil Brown: "Re: PATCH - gameport_{,un}register_port must be static when inline"
Maybe in reply to: Rob Landley: "Security question: "Text file busy" overwriting executables but not shared libraries?"

In article <01100319203903.00728@localhost.localdomain>,
Rob Landley <landley@trommello.org> wrote:
>
>I.E. it seems like they go out of their way to ALLOW writing to the libaries.
> (I assume they KNOW the difference between MAP_DENYWRITE, MAP_COPY, and
>MAP_PRIVATE...?)

Note that the kernel will refuse to honour MAP_DENYWRITE from user
space, so I'm afraid that changing ld.so won't do a thing.

The reason the kernel refuses to honour it, is that MAP_DENYWRITE is an
excellent DoS-vehicle - you just mmap("/etc/passwd") with MAP_DENYWRITE,
and even root cannot write to it.. Vary nasty.

Which is why the kernel only allows it when the binary loader itself
sets the flag, because security-conscious application writers are
already aware of the "oh, a running binary may not be writable" issues.

So sorry..

Linus

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/

Next message: Andrew Ip: "Re: [POT] Which journalised filesystem uses Linus Torvalds ?"
Previous message: Neil Brown: "Re: PATCH - gameport_{,un}register_port must be static when inline"
Maybe in reply to: Rob Landley: "Security question: "Text file busy" overwriting executables but not shared libraries?"