On Thu, Oct 18, 2001 at 03:11:26PM -0700, Jonathan Stone wrote:

 > I was acutlally wondering about hacking ld.{elf_}so  -- or wherever
 > LD_PRELOAD and LD_LIBRARY_PATH are acutally implemented; <dlfcn.h>? --
 > to check each element of a path and check for crossing over mountpoints
 > which are mounted noexec, and skipping those search-paths altogether.
 > 
 > Not to close the security loophole -- we agree on the right place for
 > that -- but to give cleaner semantics to anyone fishing for loopholes.

...except you wouldn't want to do that... because a perfectly legitimate
configuration might be to have a "noexec" /u1/ftp and a nullfs r/o mounted
on /u1/ftp/bin that has some executables in it that the FTP server is
allowed to run (just as an example).

-- 
        -- Jason R. Thorpe <thorpej@wasabisystems.com>