Subject: noexec + shared libraries
To: None <tech-security@netbsd.org>
From: Andrew Brown <atatat@atatdot.net>
List: tech-security
Date: 04/19/2000 14:46:15
Message-ID: <20000419144614.A17775@noc.untraceable.net>

i don't know off the top of my head but i'd be willing to guess that:

 * allowing shared libraries to be used (used as executable text) from
   a file system mounted noexec is a bad thing
 * netbsd (and probably all other unixes) don't specifically disallow
   it

two cases come to mind:

 * the run-time linker obeys a user's LD_LIBRARY_PATH and mistakenly
   links in a library on a volume nfs mounted from a foreign
   architecture resulting in a program crash (hopefully).
 * the user gets a hacked copy of a shared libc for the right
   architecture, can only put it in his home directory (can't write
   anywhere else since bofh enforces strict quotas) that is on a
   volume mounted noexec (bofh doesn't trust his users either), and
   cons the run-time linker into using it instead of the system libc,
   thereby circumventing any "illusions" the bofh had at users not
   being able to do something.

i guess it would be theoretically possible (although i've not tried
this) to put a c compiler (or anything else for that matter, eg ftp or
telnet) in a shared library (ala libperl) and run it via the run-time
linker and some "trusted" program.

--
|-----< "CODE WARRIOR" >-----|
codewarrior@daemon.org * "ah! i see you have the internet
twofsonet@graffiti.com (Andrew Brown) that goes *ping*!"
andrew@crossbar.com * "information is power -- share the wealth."
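
An administrator's audit for the condition the message describes, as an added example that is not part of the original post: it lists file-backed executable mappings whose backing file lives on a noexec mount. It assumes Linux-style /proc/mounts and /proc/<pid>/maps text (not NetBSD's own interfaces); the sample data and all function names are constructed for illustration.

```python
# Constructed sample data in Linux /proc/mounts and /proc/<pid>/maps format.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,nosuid,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a08000 r-xp 00000000 08:01 1311 /bin/cat
7f3a10000000-7f3a101c0000 r-xp 00000000 08:02 4242 /home/user/lib/libc.so.6
7f3a10400000-7f3a10420000 r--p 00000000 08:02 4243 /home/user/data.bin
7f3a10800000-7f3a10826000 r-xp 00000000 08:01 2022 /lib/ld-linux-x86-64.so.2
7ffd5e000000-7ffd5e021000 rw-p 00000000 00:00 0 [stack]
"""

def noexec_mounts(mounts_text):
    """Return {mount_point: is_noexec} from /proc/mounts-style text."""
    table = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            # A later entry for the same mount point shadows an earlier one.
            table[fields[1]] = "noexec" in fields[3].split(",")
    return table

def mount_for(path, table):
    """Longest-prefix match of path against the known mount points."""
    best = "/"
    for mp in table:
        under = path == mp or path.startswith(mp.rstrip("/") + "/")
        if under and len(mp) > len(best):
            best = mp
    return best

def exec_maps_on_noexec(maps_text, mounts_text):
    """List (path, mount_point) for executable file mappings on noexec mounts."""
    table = noexec_mounts(mounts_text)
    hits = []
    for line in maps_text.splitlines():
        fields = line.split(None, 5)
        if len(fields) < 6 or not fields[5].startswith("/"):
            continue  # anonymous or pseudo mapping such as [stack]
        perms, path = fields[1], fields[5]
        mp = mount_for(path, table)
        if "x" in perms and table.get(mp, False) and (path, mp) not in hits:
            hits.append((path, mp))
    return hits

if __name__ == "__main__":
    for path, mp in exec_maps_on_noexec(SAMPLE_MAPS, SAMPLE_MOUNTS):
        print(f"executable mapping from noexec mount {mp}: {path}")
```

To run it against a live process, pass the contents of /proc/mounts and that process's maps file instead of the constructed samples.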