[uClibc] RE: [uClibc-cvs] svn commit: trunk/uClibc/ldso/ldso: armcris i386 m68k mips powerpc sh sh64 etc...
Rob Landley
rob at landley.net
Fri Mar 18 21:54:39 UTC 2005
> http://cvs.uclibc.org/lists/uclibc/2004-September/009898.html
Good explanation of why it's useful, thanks.
On Friday 18 March 2005 02:34 am, Joakim Tjernlund wrote:
> > I'm all for infrastructure cleanup, I just want to make sure from a
> > security standpoint that if we start being able to run stuff via the
> > loader that we don't open up the old "bypass noexec mounts" security hole
> > from way back. Hence wanting to be able to switch it off in menuconfig,
> > just to be sure...
>
> Does glibc suffer from this security hole?
It used to, but they might have patched it by now. Lemme see if my google-fu
is up to this...
http://sources.redhat.com/ml/bug-glibc/2001-08/msg00044.html
Apparently, all you have to do is chmod -x the loader and noexec mounts mean
something again. We should probably document this somewhere...
Rob
More information about the uClibc
mailing list