On 05/15/2017 15:52, Konstantin Belousov wrote: > On Mon, May 15, 2017 at 07:42:23PM +0000, Alexey Dokuchaev wrote: >> On Mon, May 15, 2017 at 10:40:49PM +0300, Konstantin Belousov wrote: >>> On Mon, May 15, 2017 at 03:37:42PM -0400, Nikolai Lifanov wrote: >>>> On 05/15/2017 15:36, Alexey Dokuchaev wrote: >>>>> ... >>>>> Would this now allow executing binaries (with or without +x bit) from >>>>> filesystems mounted with -o noexec? >>>> >>>> No: >>>> >>>> # zfs create -o mountpoint=/mnt -o exec=off tank/TEST >>>> # cp /bin/sh /mnt/ >>>> # /mnt/sh >>>> /mnt/sh: Permission denied. >>>> # /libexec/ld-elf.so.1 /mnt/sh >>>> /mnt/sh: mmap of data failed: Permission denied >>> >>> This is due to >>> r313967 | kib | 2017-02-19 22:51:04 +0200 (Sun, 19 Feb 2017) | 24 lines >>> Apply noexec mount option for mmap(PROT_EXEC). >> >> Nice, good to know that. > > [Replying to random mail in thread] > > I tried this on an up to date latest Fedora installation: > [kostik@sandy ~]$ cp /bin/ls /tmp > [kostik@sandy ~]$ chmod a-x /tmp/ls > [kostik@sandy ~]$ /lib64/ld-linux-x86-64.so.2 /tmp/ls > Dropbox intel tmp work > > I am not sure about one detail, the /tmp/ls file has some security context > on it, but I do not believe that it may affect the outcome of the experiment. > Please correct me if I am wrong. >
This is because /tmp is exec. On Linux it does the same thing: # mount -t tmpfs none -o noexec,mode=1777 /mnt # cp /bin/bash /mnt/ # /lib64/ld-linux-x86-64.so.2 /mnt/bash /mnt/bash: error while loading shared libraries: /mnt/bash: failed to map segment from shared object: Operation not permitted - Nikolai Lifanov
signature.asc
Description: OpenPGP digital signature
