Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 15 May 2017 22:40:49 +0300
From:      Konstantin Belousov <kostikbel@gmail.com>
To:        Nikolai Lifanov <lifanov@FreeBSD.org>
Cc:        Alexey Dokuchaev <danfe@FreeBSD.org>, svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Ian Lepore <ian@freebsd.org>
Subject:   Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID:  <20170515194049.GJ1622@kib.kiev.ua>
In-Reply-To: <c9f4d964-e530-c767-1031-de825bcbe38d@FreeBSD.org>
References:  <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <1494875335.59865.118.camel@freebsd.org> <20170515192529.GH1622@kib.kiev.ua> <20170515193609.GC28684@FreeBSD.org> <c9f4d964-e530-c767-1031-de825bcbe38d@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, May 15, 2017 at 03:37:42PM -0400, Nikolai Lifanov wrote:
> On 05/15/2017 15:36, Alexey Dokuchaev wrote:
> > On Mon, May 15, 2017 at 10:25:29PM +0300, Konstantin Belousov wrote:
> >> On Mon, May 15, 2017 at 01:08:55PM -0600, Ian Lepore wrote:
> >>> Well, for example, it seems like it would allow anyone to execute a
> >>> binary even if the sysadmin had set it to -x specifically to prevent
> >>> people from running it.
> >>
> >> The direct mode does not (and cannot) honor set{u,g}id modes of the
> >> executable, so any binary run this way would only exercise the existing
> >> power of the user which did it.
> >>
> >> The most advanced explanation that I was given in private was among
> >> the lines: "if you have an environment where users can upload content
> >> to a shared server, but have no access to chmod(2), no compilers, no
> >> scripting languages, etc." The person then admitted that (s)he does not
> >> consider it as an actual concern.
> > 
> > Would this now allow executing binaries (with or without +x bit) from
> > filesystems mounted with -o noexec?
> > 
> > ./danfe
> 
> No:
> 
> # zfs create -o mountpoint=/mnt -o exec=off tank/TEST
> # cp /bin/sh /mnt/
> # /mnt/sh
> /mnt/sh: Permission denied.
> # /libexec/ld-elf.so.1 /mnt/sh
> /mnt/sh: mmap of data failed: Permission denied

This is due to
r313967 | kib | 2017-02-19 22:51:04 +0200 (Sun, 19 Feb 2017) | 24 lines
Apply noexec mount option for mmap(PROT_EXEC).

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170515194049.GJ1622>