At 110 kilograms, how far will it fly when it gets T-boned by a Hummer?
Slashdot videos: Now with more Slashdot!
We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).
With all the hype surrounding Daikatana for years prior to its release, I don't understand how anyone could accuse it of being a game with bad advertising.
Guess what? noexec doesn't do jack shit on the majority of Linux systems, and does not prevent anybody from running a. You know why?
This little file is in the ELF header of basically every single ELF-format Linux binary, under a field called INTERP (you can see this by dumping a binary with readelf). Yes, even though the executable is a binary, it calls an interpreter to handle all of the run-time module loading. By a really obnoxious design decision in Linux that laughs in the face of security, this library, despite its
I don't see why this binary couldn't have added a check to see whether or not the program it's passed is mounted on a noexec filesystem, but to this day, it doesn't care.
It's also one of the reasons Solaris guys didn't take the idea of "Linux security" seriously for a very, very, very long time.
Not all is lost, though. SELinux can prevent the system from invoking this directly, outside the context of a freshly-executed process. It just relies on SELinux being properly set up on your systems.
This still doesn't completely fix the problem. On many (most?) systems, a user can still get around this by abusing LD_PRELOAD to preload a library with the same name and same symbols as one being loaded by some arbitrary program they're executing. Then, instead of compiling an executable binary, they're stuffing their code into a library instead and abusing the system's module loader to execute it. (This was the source of Oracle's SA10043 advisory, among others. It's the application's responsibility to validate LD_PRELOAD, especially where privilege escalation can occur.)
It's safest just to assume that if the user can run any arbitrary program the administrator put there, they can also run any arbitrary program the user put there.
It's basically a customization of Red Hat Enterprise Linux.