> by invoking the executable with the help of the dynamic Linux loader.

Although you are right, in real-world vulnerability exploitation you
often don't control much of the environment, sometimes even the way an
executable gets executed.

The reason most people mount tmp with noexec is that it is world
writable. Thanks to that, even services with explicitly reduced rights can
leverage the file system when remotely exploiting a vulnerability.

By using noexec (and nodev, nosuid...) you add security. You don't make it
impossible to exploit, you make it more difficult.
Why do you think ASLR, DEP and many other protection techniques are still
very much in use, while they are constantly circumvented? Difficulty of
exploitation is one of the major points of risk management. With a bit of
effort, you grow the resources needed to exploit a vulnerability, which in
turn makes it less likely to be exploited.

While comment #19 already stated a valid workaround for this bug, it
would really be a good sign if security-aware parties would join the
discussion... even after 8 years.

-- 
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to debconf in Ubuntu.
https://bugs.launchpad.net/bugs/90085

Title:
  When /tmp is mounted noexec, preconfigure fails

Status in debconf package in Ubuntu:
  Triaged
Status in debconf package in Debian:
  Confirmed

Bug description:
  Binary package hint: mysql-server

  
  /tmp mounted noexec, this ensues:

  Preconfiguring packages ...
  Can't exec "/tmp/mysql-server-5.0.config.89611": Permission denied at /usr/share/perl/5.8/IPC/Open3.pm line 168.
  open2: exec of /tmp/mysql-server-5.0.config.89611 configure  failed at /usr/share/perl5/Debconf/ConfModule.pm line 57
  mysql-server-5.0 failed to preconfigure, with exit status 2

  ace
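
Added example, not part of the original bug report or its comments: a Python check that reports which of the mount options named in the comment above (noexec, nodev, nosuid) are missing on the mount that governs a given path such as /tmp. The sample mount table, the /srv/scratch path and all function names are constructed for illustration.

```python
import os
import re

HARDENING = ("noexec", "nodev", "nosuid")  # the options named in the comment

# Constructed sample in /proc/mounts format: device, mount point, type, options, dump, pass.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /srv/scratch\\040area tmpfs rw,nosuid,nodev,noexec 0 0
"""

def _unescape(field):
    # /proc/mounts encodes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def parse_mounts(text):
    """Return [(mount_point, set_of_options)] in file order."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # skip blank or malformed lines
        entries.append((_unescape(parts[1]), set(parts[3].split(","))))
    return entries

def covering_mount(entries, path):
    """Pick the mount governing `path`: longest mount-point prefix, later entries win ties."""
    path = os.path.normpath(path)
    best = None
    for mount_point, options in entries:
        mp = mount_point.rstrip("/") or "/"
        if path == mp or mp == "/" or path.startswith(mp + "/"):
            if best is None or len(mp) >= len(best[0]):
                best = (mp, options)
    return best

def missing_hardening(text, path):
    """Return (governing mount point, hardening options it lacks, in HARDENING order)."""
    found = covering_mount(parse_mounts(text), path)
    if found is None:
        raise LookupError(f"no mount covers {path}")
    mount_point, options = found
    return mount_point, [opt for opt in HARDENING if opt not in options]

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        print("/tmp", *missing_hardening(fh.read(), "/tmp"))
```

A path that is not its own mount point is reported against the mount that contains it, so a /tmp that lives on the root filesystem shows up as inheriting the root mount's options.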
