You really don't get it, do you.

Yes, sorry. :)

The way ld.so works can be implemented in many other forms with other programs.

Having "noexec" (in its older form) on *every* user-writable

With some time and energy you likely can write a perl or python script to do it.

This is solvable the same way too - "chmod 'o-x' perl"

With having "noexec" (in its older form) on every user-writable

And allow an attacker to store his files on that partition, and then execute them.

They can do it anyway.

Some explanation could do better, but oh well.

I have already proposed another solution for ld.so problem 3 times.

And for obvious reasons I ignored it.

noexec mounts the way _you_ want them are completely, utterly useless.

But I used them. And having them on _every_ user-writable

nonexec mounts as they are today plus an upcoming mprotect patch give

As was pointed out by Hugh, such a patch is unlikely.

fine grained control.

Control of what? The malicious loader will always work - it is

You have to use additional mechanism like SELinux to fill in all the holes but that's OK.

Yes, selinux is the only solution here.

nonexec mounts give a great deal more of flexibility.

Any real-life examples of what problem does this solve?