On Fri, Oct 04, 2019 at 05:52:45PM +0200, Sven Joachim wrote: > On 2019-10-04 16:22 +0100, Jonathan Dowland wrote: > > > On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote: > >> I wonder if having /home on a 'noexec' partition would stop this > >> attack, please? > > > > I don't know specifically about this attack, but noexec is trivial to > > circumvent. > > Is it? Running scripts in shell, Perl or Python is trivial since you > can just invoke the interpreter, but for binaries it is not so easy.
For binaries, the "interpreter" is just ld.so :-) But as you state below, there seems to be some protection for that... > > Here's three ways: > > > > bash -c "~/whatever" > > Does not work, bash reports "Permission denied". Interesting (I actually never tried). Noexec seems to do a tad more than "just" ignoring the x bit. For bash, you can "fix" that by feeding it ~/whatever through stdin (e.g. -s or something). For a binary... I think ld.so wants to mmap it. Cheers -- t
signature.asc
Description: Digital signature
