Date:      Mon, 15 May 2017 15:55:15 -0400
From:      Nikolai Lifanov <lifanov@FreeBSD.org>
To:        Konstantin Belousov <kostikbel@gmail.com>, Alexey Dokuchaev <danfe@FreeBSD.org>
Cc:        svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Ian Lepore <ian@freebsd.org>
Subject:   Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID:  <78f83a15-86b0-763f-a122-5344b90c0e17@FreeBSD.org>
In-Reply-To: <20170515195236.GK1622@kib.kiev.ua>
References:  <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <1494875335.59865.118.camel@freebsd.org> <20170515192529.GH1622@kib.kiev.ua> <20170515193609.GC28684@FreeBSD.org> <c9f4d964-e530-c767-1031-de825bcbe38d@FreeBSD.org> <20170515194049.GJ1622@kib.kiev.ua> <20170515194223.GE28684@FreeBSD.org> <20170515195236.GK1622@kib.kiev.ua>

On 05/15/2017 15:52, Konstantin Belousov wrote:
> On Mon, May 15, 2017 at 07:42:23PM +0000, Alexey Dokuchaev wrote:
>> On Mon, May 15, 2017 at 10:40:49PM +0300, Konstantin Belousov wrote:
>>> On Mon, May 15, 2017 at 03:37:42PM -0400, Nikolai Lifanov wrote:
>>>> On 05/15/2017 15:36, Alexey Dokuchaev wrote:
>>>>> ...
>>>>> Would this now allow executing binaries (with or without +x bit) from
>>>>> filesystems mounted with -o noexec?
>>>>
>>>> No:
>>>>
>>>> # zfs create -o mountpoint=/mnt -o exec=off tank/TEST
>>>> # cp /bin/sh /mnt/
>>>> # /mnt/sh
>>>> /mnt/sh: Permission denied.
>>>> # /libexec/ld-elf.so.1 /mnt/sh
>>>> /mnt/sh: mmap of data failed: Permission denied
>>>
>>> This is due to
>>> r313967 | kib | 2017-02-19 22:51:04 +0200 (Sun, 19 Feb 2017) | 24 lines
>>> Apply noexec mount option for mmap(PROT_EXEC).
>>
>> Nice, good to know that.
>
> [Replying to random mail in thread]
>
> I tried this on an up to date latest Fedora installation:
> [kostik@sandy ~]$ cp /bin/ls /tmp
> [kostik@sandy ~]$ chmod a-x /tmp/ls
> [kostik@sandy ~]$ /lib64/ld-linux-x86-64.so.2  /tmp/ls
> Dropbox  intel  tmp  work
>
> I am not sure about one detail, the /tmp/ls file has some security context
> on it, but I do not believe that it may affect the outcome of the experiment.
> Please correct me if I am wrong.
>


This is because /tmp is exec. On Linux it does the same thing:

# mount -t tmpfs none -o noexec,mode=1777 /mnt
# cp /bin/bash /mnt/
# /lib64/ld-linux-x86-64.so.2 /mnt/bash
/mnt/bash: error while loading shared libraries: /mnt/bash: failed to
map segment from shared object: Operation not permitted

- Nikolai Lifanov
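
Added example, not part of the original message or of rtld: the loader errors quoted in this thread come from the kernel refusing an executable file mapping on a noexec mount. The C probe below makes the same kind of mmap() request for a given file and also checks that a read-only mapping cannot be upgraded afterwards with mprotect(); the names probe_exec_map and exec_map_blocked are hypothetical, and only POSIX mmap/mprotect are assumed.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/mman.h>
#include <unistd.h>

/* errno from each attempt, 0 on success; upgrade_errno is -1 if not attempted */
struct exec_probe { int read_errno, exec_errno, upgrade_errno; };

/* Hypothetical helper. Returns 0 if the probe ran, -1 if open() failed. */
int probe_exec_map(const char *path, struct exec_probe *r)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    /* The kind of request a runtime linker makes for a text segment. */
    void *x = mmap(NULL, len, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    r->exec_errno = (x == MAP_FAILED) ? errno : 0;
    if (x != MAP_FAILED)
        munmap(x, len);
    /* Control: a plain read mapping, then an attempt to add PROT_EXEC later. */
    void *p = mmap(NULL, len, PROT_READ, MAP_PRIVATE, fd, 0);
    r->read_errno = (p == MAP_FAILED) ? errno : 0;
    r->upgrade_errno = -1;
    if (p != MAP_FAILED) {
        r->upgrade_errno = mprotect(p, len, PROT_READ | PROT_EXEC) ? errno : 0;
        munmap(p, len);
    }
    close(fd);
    return 0;
}

/* 1 when the file is readable but neither route gives an executable mapping. */
int exec_map_blocked(const struct exec_probe *r)
{
    return r->read_errno == 0 && r->exec_errno != 0 && r->upgrade_errno > 0;
}

int main(int argc, char **argv)
{
    struct exec_probe r;
    if (argc != 2 || probe_exec_map(argv[1], &r) != 0)
        return EXIT_FAILURE;
    printf("read=%d exec=%d upgrade=%d blocked=%d\n", r.read_errno,
           r.exec_errno, r.upgrade_errno, exec_map_blocked(&r));
    return EXIT_SUCCESS;
}
```

The two error strings in the thread are the strerror() texts for the errno values this probe reports: "Permission denied" is EACCES and "Operation not permitted" is EPERM.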

