[TriLUG] Securing /etc/fstab

Mike McLean mamclean at eos.ncsu.edu
Tue Dec 11 18:07:39 EST 2001


"Daniel T. Chen" wrote:
> 
> Also be aware that noexec can be easily bypassed with:
> 
> /lib/ld-linux.so.2 /path/to/executable/on/noexec/mounted/partition
> 
> so draconian might need some other means...

neat!  
Only works with binaries though, but you could do something similar with
scripts by running the interpreter on them.

So does the shared object really need to be executable?  How bad would 
$ chmod o-x /lib/ld-linux.so.2
break things?  And even if you do fix it, are there other little tricks
like this?

And if you can't fix it, then what is the point of noexec?



More information about the TriLUG mailing list