OpenForum RSS: Shared libraries permissions

Shared libraries permissions (guest)

Wed, 26 Jan 2011 07:34:29 GMT

> �� ۣ�
> IBM S390

http://www-03.ibm.com/systems/z/os/linux/support/lcds/toc.html
IBM �� , �� :)

Shared libraries permissions (pavlinux)

Tue, 25 Jan 2011 15:05:05 GMT

>> �� current->personality �� READ_IMPLIES_EXEC �� %-)
> �� (� � �� ARM),
> �� 755 vs 644 ��
> �� :)))

�� ۣ�
IBM S390

ARM ��, ��

Set READ_IMPLIES_EXEC if:
- the binary requires an executable stack
- we're running on a CPU which doesn't support NX.

if (cpu_architecture() < CPU_ARCH_ARMv6)
return error;

Shared libraries permissions (guest)

Tue, 25 Jan 2011 14:27:58 GMT

> �� current->personality �� READ_IMPLIES_EXEC �� %-)

�� (� � �� ARM), �� 755 vs 644 �� :)))

Shared libraries permissions (pavlinux)

Tue, 25 Jan 2011 14:21:49 GMT

> �� , �� /�� +x
> �� .so :)

�� , ....

�� ,

if ((prot & PROT_READ) && (current->personality & READ_IMPLIES_EXEC))

�� , � �� PROT_READ
�� , �� PROT_READ �� PROT_READ + PROT_EXEC :)
��... :)

�� current->personality �� READ_IMPLIES_EXEC �� %-)

> ��: �� debian - 644

Shared libraries permissions (guest)

Tue, 25 Jan 2011 14:15:17 GMT

�� , �� /�� +x �� .so :)

��: �� debian - 644

Shared libraries permissions (pavlinux)

Tue, 25 Jan 2011 14:04:26 GMT

> ... �� , � �� +x � .so?

�� , �� , �� ,
�� noexec ��ң� ��.

http://lxr.linux.no/#linux+v2.6.37/mm/mmap.c#L966

Shared libraries permissions (guest)

Tue, 25 Jan 2011 13:53:14 GMT

> �� , �� "noexec", �� PROT_EXEC �
> mmap()
> http://lxr.linux.no/#linux+v2.6.37/mm/mmap.c#L976

�� ?
�� *bsd, �� , � �� +x � .so?

Shared libraries permissions (pavlinux)

Tue, 25 Jan 2011 13:45:06 GMT

> � �� , �� ld-linux �� )

�� "noexec", �� PROT_EXEC � mmap()
http://lxr.linux.no/#linux+v2.6.37/mm/mmap.c#L976

# cp /lib64/libm-2.11.3.so /boot
# mount -o remount,ro,noexec /boot

[code]
#include <stdio.h>
#include <dlfcn.h>

int main(void) {

double (*cosinus)(double);
void *math = dlopen("/boot/libm-2.11.3.so", RTLD_LAZY);

cosinus = dlsym(math,"cos");
printf ("%f\n", (*cosinus)(-3.1415));

dlclose(math);
return 0;
}
[/code]

# gcc test.c -ldl
# ./a.out
��

Shared libraries permissions (guest)

Tue, 25 Jan 2011 13:29:41 GMT

>> �� 755 �� .so �� :)
> �� Linux + x86 �� .

�� Free/OpenBSD 444 �� .so �� .

> � �� 755, �� , ��
> �� 444 :)

� �� , �� ld-linux �� )