Bugtraq mailing list archives
Re: Dump a mode --x--x--x binary on Linux 2.0.x
From: casper () HOLLAND SUN COM (Casper Dik)
Date: Tue, 15 Sep 1998 20:20:15 +0200
process-dump-... files in the current directory. The executable itself can be recovered by catting the first few files together and truncating at the executable size. I have tested this by reconstructing a copy of /bin/cat which I had protected mode 111 under Linux 2.0.x.
You can only do this for non-setuid applications. I would question it is even a bug. Execute only is an extremely vague concept anyway on x86 since the chip doesn't really support it physically.
Solaris has the same "problem" and I too am not sure whether it's a bug or not. Also, filesystems like NFS make no distinction between read-for-execute or read-for-reading. Solaris /proc disallows access to execute only binaries, but its LD_PRELOAD and also LD_LIBRARY_PATH have the exact same problem. LD_LIBRARY_PATH is somewhat trickier to abuse as it requires you to build an entire library and not just an object with a few replacement functions, although you might get very far by just using a .init section and little substance.
The convenience and usefulness of LD_PRELOAD seems to far outweigh this consideration for normal use. It's probably one for the 'secure linux' patch collection therefore.
Indeed, and I would think that disabling LD_LIBRARY_PATH too would have serious usability impact.
Casper