Follow Slashdot blog updates by subscribing to our blog RSS feed


Forgot your password?
Back for a limited time - Get 15% off sitewide on Slashdot Deals with coupon code "BLACKFRIDAY" (some exclusions apply)". ×

Comment Re:You don't (Score 0) 904

Guess what? noexec doesn't do jack shit on the majority of Linux systems, and does not prevent anybody from running a. You know why? /lib/ (On x86_64, there's also /lib64/

This little file is in the ELF header of basically every single ELF-format Linux binary, under a field called INTERP (you can see this by dumping a binary with readelf). Yes, even though the executable is a binary, it calls an interpreter to handle all of the run-time module loading. By a really obnoxious design decision in Linux that laughs in the face of security, this library, despite its .so extension, is executable by design and by necessity on every single Linux system in the world. And by passing it the path to a program as its arguments, you can run any binary your little heart desires, whether the filesystem is mounted noexec or not. You can't possibly turn this behavior off unless you have a system with no dynamically linked binaries.

I don't see why this binary couldn't have added a check to see whether or not the program it's passed is mounted on a noexec filesystem, but to this day, it doesn't care.

It's also one of the reasons Solaris guys didn't take the idea of "Linux security" seriously for a very, very, very long time.

Not all is lost, though. SELinux can prevent the system from invoking this directly, outside the context of a freshly-executed process. It just relies on SELinux being properly set up on your systems.

This still doesn't completely fix the problem. On many (most?) systems, a user can still get around this by abusing LD_PRELOAD to preload a library with the same name and same symbols as one being loaded by some arbitrary program they're executing. Then, instead of compiling an executable binary, they're stuffing their code into a library instead and abusing the system's module loader to execute it. (This was the source of Oracle's SA10043 advisory, among others. It's the application's responsibility to validate LD_PRELOAD, especially where privilege escalation can occur.)

It's safest just to assume that if the user can run any arbitrary program the administrator put there, they can also run any arbitrary program the user put there.

Data Storage

Data Centers Crucial To Lehman Sale 301

miller60 writes "What assets retain value in the midst of a financial panic? Data centers. When assets of bankrupt Lehman Brothers were sold to Barclays Tuesday for $1.75 billion, Lehman's data centers and headquarters accounted for $1.5 billion of the value in the deal. That echoes the JPMorgan-Bear Stearns fire sale, in which Bear's two data centers and HQ represented much of the sale price. Amidst financial turmoil, Wall Street's high-tech data centers become the crown jewels for buyers of distressed assets."

National Car Tracking System Proposed For US 563

bl968 writes "The Newspaper is reporting that the leading private traffic enforcement camera vendors are seeking to establish a national vehicle tracking system in the United States using existing red-light and speed enforcement cameras. The system would utilize Automatic Number Plate Recognition (ANPR) to track vehicles passing surveillance cameras operated by these companies. If there are cameras positioned correctly the company will enable images and video to be taken of the driver and passengers. The nice thing in their view is that absolutely no warrants are needed. To gain public acceptance, the surveillance program is being initially sold as an aid for police looking to solve Amber Alert cases and locate stolen cars."

How Nvidia Wants To Bring 3D Glasses Back 341

notthatwillsmith writes "For the last ten years, we've heard the promise of 3D shutter glasses, which when combined with the proper video card drivers and a good display, can trick your brain into thinking that your 2D monitor is creating 3D images. Unfortunately the glasses never really took off, partly because there were rendering problems with many popular 3D games but mostly because monitors didn't support high enough refresh rates to display games without giving people crushing headaches. Nvidia thinks they've solved both problems--the software works much better, and there are a surprising number of supported 120Hz-capable TVs and monitors that ameliorate the headache factor. Maximum PC has a hands-on with Nvidia's new tech, plus details about Nvidia's planned hardware solution."

City Sues To Prevent Linking To Its Website 429

Mike writes "In what appears to be a first-of-its-kind case, the Sheboygan city attorney ordered Jennifer Reisinger to remove a link to the city's police department from her Web site. The city went further, she claims, launching a criminal investigation of her for linking to the department on one of her sites, and in response she's suing the mayor and the city. 'The mayor decided to use his office to get back at Jennifer for her efforts in the recall and picked this to do it,' said her attorney, Paul Bucher. It appears this will go to court, and the question will be can a city (or any business or Web property) stop people from posting a link to its site?"

Submission + - How did DST07 Go?

joekampf writes: "So, today is March 11th. DST07 has started. How has it gone? Has anyone encountered any problems? Anyone completely ignore the problem get bit? Anyone who addressed the problem get bit? Did any planes fall out of the air? Did any power plants blow up? Was this just another media hype?"

Google's Best Perk — Transport 342

Reverse Gear writes "The New York Times has an interesting article about how different kinds of fringe benefits are starting to count more in the fight for the best brains in Silicon Valley. The article mainly focuses on Google's high-tech shuttle-bus system, which is quite extensive, covering a majority of the San Fransisco Bay area. The article quotes a transportation expert opining that Google's may be the largest such private system anywhere. One-quarter of the headquarters employees are now using it. A Google software engineer said: 'They could either charge for the food or cut it altogether... If they cut the shuttle, it would be a disaster.'"

What this country needs is a dime that will buy a good five-cent bagel.