On Thu, Oct 18, 2001 at 04:02:48PM -0700, Jonathan Stone wrote:
> 
> >2) We don't even *check* to see if files have execute permission before
> > executing code that came from them via mmap -- for example, shared
> > libraries.  
> 
> And here we need to check noexec, not for x bits.  If I can write a
> trojan .so file into a writable filesystem, I can set teh x bit on
> that trojan .so file, too.

So what?  I suggest that the treatment should be exactly the same as for
executable files: the x bit should not be honored if noexec is set, and
if the x bit is not present or not honored, the code should not be executed.

-- 
Thor Lancelot Simon	                                      tls@rek.tjls.com
    And now he couldn't remember when this passion had flown, leaving him so
  foolish and bewildered and astray: can any man?
						   William Styron