[Bug dynamic-link/21718] mount noexec bypass via direct ld invocation and (ab)use of relocations onto bss

public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed

* [Bug dynamic-link/21718] mount noexec bypass via direct ld invocation and (ab)use of relocations onto bss
       [not found] <bug-21718-131@http.sourceware.org/bugzilla/>
@ 2021-12-18 14:19 ` jinoh.kang.kr at gmail dot com
  0 siblings, 0 replies; only message in thread
From: jinoh.kang.kr at gmail dot com @ 2021-12-18 14:19 UTC (permalink / raw)
  To: glibc-bugs

https://sourceware.org/bugzilla/show_bug.cgi?id=21718

--- Comment #3 from Jinoh Kang <jinoh.kang.kr at gmail dot com> ---
Note that this bug can be exploited for all shared object loads, so e.g.

  enable -f program.so

would also be possible.

As the trusted_for (formerly O_MAYEXEC) patch proposal [1] in Linux is
approaching towards being merged, perhaps we can use it to fix this?

[1]: https://lore.kernel.org/lkml/20211115185304.198460-1-mic@digikod.net/

-- 
You are receiving this mail because:
You are on the CC list for the bug.

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2021-12-18 14:19 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
     [not found] <bug-21718-131@http.sourceware.org/bugzilla/>
2021-12-18 14:19 ` [Bug dynamic-link/21718] mount noexec bypass via direct ld invocation and (ab)use of relocations onto bss jinoh.kang.kr at gmail dot com

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).