On Thu, Nov 20, 2014, at 14:40, Markus Wichmann wrote:
> Not always. One thing that reliably gets on people's nerves here is
> shared libraries. And those aren't protected with that ETXTBSY thing.
>
> The reason is that the MAP_DENYWRITE flag became the irrecoverable
> source of a DoS attack and had to be removed from the syscall. It can
> still be used in the kernel, which is why overwriting a running binary
> will fail, but it can't be used in userspace (or rather, is ignored),

Why not give ld-linux.so a capability that allows it? Wait, no, that wouldn't solve it for dlopen(). Why not allow it for files that have execute permission? What are the details of the DoS attack?