Date: Mon, 15 May 2017 15:55:15 -0400
From: Nikolai Lifanov <lifanov@FreeBSD.org>
To: Konstantin Belousov <kostikbel@gmail.com>, Alexey Dokuchaev <danfe@FreeBSD.org>
Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org, Ian Lepore <ian@freebsd.org>
Subject: Re: svn commit: r318313 - head/libexec/rtld-elf
Message-ID: <78f83a15-86b0-763f-a122-5344b90c0e17@FreeBSD.org>
In-Reply-To: <20170515195236.GK1622@kib.kiev.ua>
References: <201705151848.v4FImwMW070221@repo.freebsd.org> <20170515185236.GB1637@FreeBSD.org> <20170515190030.GG1622@kib.kiev.ua> <1494875335.59865.118.camel@freebsd.org> <20170515192529.GH1622@kib.kiev.ua> <20170515193609.GC28684@FreeBSD.org> <c9f4d964-e530-c767-1031-de825bcbe38d@FreeBSD.org> <20170515194049.GJ1622@kib.kiev.ua> <20170515194223.GE28684@FreeBSD.org> <20170515195236.GK1622@kib.kiev.ua>

On 05/15/2017 15:52, Konstantin Belousov wrote:
> On Mon, May 15, 2017 at 07:42:23PM +0000, Alexey Dokuchaev wrote:
>> On Mon, May 15, 2017 at 10:40:49PM +0300, Konstantin Belousov wrote:
>>> On Mon, May 15, 2017 at 03:37:42PM -0400, Nikolai Lifanov wrote:
>>>> On 05/15/2017 15:36, Alexey Dokuchaev wrote:
>>>>> ...
>>>>> Would this now allow executing binaries (with or without +x bit) from
>>>>> filesystems mounted with -o noexec?
>>>>
>>>> No:
>>>>
>>>> # zfs create -o mountpoint=/mnt -o exec=off tank/TEST
>>>> # cp /bin/sh /mnt/
>>>> # /mnt/sh
>>>> /mnt/sh: Permission denied.
>>>> # /libexec/ld-elf.so.1 /mnt/sh
>>>> /mnt/sh: mmap of data failed: Permission denied
>>>
>>> This is due to
>>> r313967 | kib | 2017-02-19 22:51:04 +0200 (Sun, 19 Feb 2017) | 24 lines
>>> Apply noexec mount option for mmap(PROT_EXEC).
>>
>> Nice, good to know that.
>
> [Replying to random mail in thread]
>
> I tried this on an up to date latest Fedora installation:
> [kostik@sandy ~]$ cp /bin/ls /tmp
> [kostik@sandy ~]$ chmod a-x /tmp/ls
> [kostik@sandy ~]$ /lib64/ld-linux-x86-64.so.2 /tmp/ls
> Dropbox intel tmp work
>
> I am not sure about one detail, the /tmp/ls file has some security context
> on it, but I do not believe that it may affect the outcome of the experiment.
> Please correct me if I am wrong.
>

This is because /tmp is exec. On Linux it does the same thing:

# mount -t tmpfs none -o noexec,mode=1777 /mnt
# cp /bin/bash /mnt/
# /lib64/ld-linux-x86-64.so.2 /mnt/bash
/mnt/bash: error while loading shared libraries: /mnt/bash: failed to map segment from shared object: Operation not permitted

- Nikolai Lifanov
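
Added example, not part of the original message: a small C probe for the behaviour shown in both transcripts above, where an executable mapping of a file on a noexec mount is refused (Permission denied/EACCES on FreeBSD, Operation not permitted/EPERM on Linux) regardless of the file's +x bit. The names probe_exec and noexec_enforced are hypothetical.

```c
/* Added example; probe_exec() and noexec_enforced() are hypothetical names. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

struct exec_probe {
    int open_err;  /* errno from open()/fstat(), 0 on success */
    int has_xbit;  /* 1 if any execute bit is set in the file mode */
    int exec_err;  /* errno from mmap(PROT_READ | PROT_EXEC), 0 on success */
};

struct exec_probe probe_exec(const char *path)
{
    struct exec_probe r = {0, 0, 0};
    struct stat st;
    int fd = open(path, O_RDONLY);
    if (fd < 0 || fstat(fd, &st) < 0) {
        r.open_err = errno;
    } else {
        /* Executable file mapping: the request a noexec mount refuses. */
        void *p = mmap(NULL, 1, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
        if (p == MAP_FAILED)
            r.exec_err = errno;
        else
            munmap(p, 1);
        r.has_xbit = (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
    }
    if (fd >= 0)
        close(fd);
    return r;
}

/* The file opens, but an executable mapping is refused by the mount policy. */
int noexec_enforced(const struct exec_probe *r)
{
    return !r->open_err && (r->exec_err == EPERM || r->exec_err == EACCES);
}

int main(int argc, char **argv)
{
    for (int i = 1; i < argc; i++) {
        struct exec_probe r = probe_exec(argv[i]);
        printf("%s: open_errno=%d xbit=%d exec_map_errno=%d noexec_enforced=%d\n",
               argv[i], r.open_err, r.has_xbit, r.exec_err, noexec_enforced(&r));
    }
    return 0;
}
```

Run it with file paths as arguments; a file with xbit=0 and exec_map_errno=0 corresponds to the /tmp/ls case in the quoted Fedora experiment, and noexec_enforced=1 to the /mnt cases.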