On Tue, May 20, 2003 at 05:45:21PM +0200, Martin Pitt wrote:
> Is there any particular reason to have /lib/ld-linux.so.* executable?
> If it is used only as a proper library, it need not be executable.
>
> The problem is that this breaks the "noexec" mount option. If /foo is
> mounted noexec, then one cannot do /foo/myprog, but
>
> /lib/ld-linux.so.1 /foo/myprog
>
> will work.
>
> This prevents proper separation of executable and writable files, thus
> I consider this as a security hole.
>
> Any comments to this?

/lib/ld-linux.so.1 is not magic. It is not setuid or privileged in any
other way in a normal Linux operation. This should provide a hint as to
the type of 'security' which would be provided by changing its
permissions. 'chmod o-x /bin/rm' doesn't prevent anyone from unlinking
files.

-- 
 - mdz
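
Added example (not part of the original thread, and not code from either poster): a sketch of how the direct loader invocation described in the quoted message could be spotted in exec logs, by checking whether the program handed to ld-linux.so lives on a noexec mount. The mount table, the command lines and all function names are constructed for illustration; relative paths are not resolved because the sample has no working directory.

```python
import os
import re
import shlex

# Constructed /proc/mounts-style sample (not from the thread).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda3 /foo ext3 rw,noexec,nosuid 0 0
tmpfs /tmp tmpfs rw,noexec 0 0
"""
# Constructed command lines, as an exec audit trail might record them.
SAMPLE_EXECS = [
    "/lib/ld-linux.so.1 /foo/myprog",
    "/lib/ld-linux.so.2 --library-path /foo/lib /tmp/x --flag",
    "/lib/ld-linux.so.2 --list /bin/ls",
    "/bin/ls /foo",
]
LOADER_RE = re.compile(r"^ld-linux(-[\w-]+)?\.so\.\d+$")
# glibc ld.so options that consume the following argument.
OPTS_WITH_ARG = {"--library-path", "--inhibit-rpath", "--audit", "--preload", "--argv0"}

def parse_mounts(text):
    """Map each mount point to True if it is mounted noexec."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = "noexec" in fields[3].split(",")
    return mounts

def is_noexec(path, mounts):
    """Noexec flag of the longest mount point containing an absolute path."""
    path = os.path.normpath(path)
    owners = [m for m in mounts
              if path == m or path.startswith(m.rstrip("/") + "/")]
    return bool(owners) and mounts[max(owners, key=len)]

def loader_target(cmdline):
    """Program a direct ld-linux.so invocation would load, else None."""
    argv = shlex.split(cmdline)
    if not argv or not LOADER_RE.match(os.path.basename(argv[0])):
        return None
    i = 1
    while i < len(argv) and argv[i].startswith("--"):
        i += 2 if argv[i] in OPTS_WITH_ARG else 1
    return argv[i] if i < len(argv) else None

def flag_loader_exec(cmdlines, mounts):
    """Return (cmdline, target) pairs whose target sits on a noexec mount."""
    targets = ((c, loader_target(c)) for c in cmdlines)
    return [(c, t) for c, t in targets if t and is_noexec(t, mounts)]
```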