Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint

From: Valdis . Kletnieks
Date: Wed Aug 17 2011 - 19:23:57 EST

Next message: Valdis . Kletnieks: "Re: Kernel 3.0: Instant kernel crash when mounting CIFS (also crashes with linux-3.1-rc2"
Previous message: Larry Finger: "Re: [PATCH] ath9k: make driver usable standalone"
In reply to: Will Drewry: "Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint"
Next in thread: Andrew Morton: "Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 16 Aug 2011 10:07:46 PDT, Roland McGrath said:

> I think the expectation is that the administrator or system builder
> who decides to set the (non-default) noexec mount option will also
> set the sysctl at the same time.

On the other hand, a design that requires 2 separate actions to be taken in
order to make it work, and which fails unsafe if the second step isn't taken,
is a bad design. If we're talking "expectations", let's not forget that the
mount option is called "noexec", not "only-really-noexec-if-you-set-a-magic-sysctl".

I'll also point out that we didn't add a sysctl in 2.6.0 to say whether or not
to still allow the old "/lib/ld-linux.so your-binary-here" hack to execute binaries
off a partition mounted noexec - we simply said "this will no longer be permitted".

Attachment: pgp00000.pgp
Description: PGP signature

Next message: Valdis . Kletnieks: "Re: Kernel 3.0: Instant kernel crash when mounting CIFS (also crashes with linux-3.1-rc2"
Previous message: Larry Finger: "Re: [PATCH] ath9k: make driver usable standalone"
In reply to: Will Drewry: "Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint"
Next in thread: Andrew Morton: "Re: [PATCH] mmap: add sysctl for controlling ~VM_MAYEXEC taint"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]