Re: [RFC] "Text file busy" when overwriting libraries

Alexander Viro (viro@math.psu.edu)
Mon, 15 Oct 2001 08:11:20 -0400 (EDT)


On Mon, 15 Oct 2001, Alan Cox wrote:

> > Anyone can write it, but what the hell will he do without write access to
> > any place that wouldn't be mounted noexec? Environment can be restricted
> > even if you give them shell...
>
> He will type "perl" and interactively issue any damn syscall he likes
> subject to the normal permissions rules. Noexec is only useful for a user
> given virtually nothing.

... and will hit "permission denied" on attempt to exec /usr/bin/perl.
Blanket noexec on /usr instance mounted in his chroot with selective turning
the thing off on some binaries. And yes, I realize that one can always
hunt for buffer overruns in sh(1)...

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/