On 2019-10-04 16:22 +0100, Jonathan Dowland wrote:
> On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
>> I wonder if having /home on a 'noexec' partition would stop this
>> attack, please?
>
> I don't know specifically about this attack, but noexec is trivial to
> circumvent.
Is it? Running scripts in shell, Perl or Python is trivial since you
can just invoke the interpreter, but for binaries it is not so easy.
> Here's three ways:
>
> bash -c "~/whatever"
Does not work, bash reports "Permission denied".
> cp ~/whatever /tmp && /tmp/whatever
Obviously /tmp (and /var/tmp) must be mounted noexec as well if you want
to keep users from running arbitrary binaries.
> /lib64/ld-linux-x86-64.so.2 ~/whatever
Does not work, "error while loading shared libraries:
/home/sven/whatever: failed to map segment from shared object".
I wonder how I would recover from an accidental
"mount -o remount,noexec /", even with a root shell still open.
Cheers,
Sven
