|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: mmap(), security and /dev/zero
From: Jonathan Stone (jonathan
dsg.stanford.edu)
Date: Wed Jun 23 2004 - 18:31:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
In message <20040623202448.GF357snowdrop.l8s.co.uk>,
David Laight writes:
>> "Not exactly". I believe we decided to not require the x bit on files
>> backing executable mappings, because this would be a painful user-visible
>> change (every shared object on the system would require x added to its
>> permissions).
>
>Yes - If 'x' were required then the shell (etc) will try to execute them.....
I'd contend that anyone silly enough to put /lib or /usr/lib on their
shell's execute path deserves what they get.
>Requiring 'x' basically gives little or no (obvious) benefits, and a lot
>of problems.
For you, perhaps. For those of us who try to build hardened systems,
thats... well, speaking personally, I'd really like to see ``+x
required for executable mmap'' make it into 2.0. As a config-time
option, maybe, but there.
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]