Writing

Software, technology, sysadmin war stories, and more.
Wednesday, March 28, 2012

A correction about the ld-linux.so workaround

I have a correction to make to yesterday's post about mod_php and Apache. Unfortunately, it's not good news about the root problem, which is all of those file descriptors being inherited. It's about the mention of using ld-linux.so to run something from a filesystem mounted noexec.

Thanks to quick feedback from Matt, I now know that strategy is no longer valid unless you are running a relatively old kernel. From the mount man page:

noexec Do not allow direct execution of any binaries on the mounted file system. (Until recently it was possible to run binaries anyway using a command like /lib/ld*.so /mnt/binary. This trick fails since Linux 2.4.25 / 2.6.0.)

So there it is. One part of my tale is now obsolete. Thanks for the tip, Matt!

It's too bad that the rest of it is still chillingly valid.
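
To check where a given machine stands against the man page text quoted above, here is an added example (not code from the original post). It classifies each mount in `/proc/mounts`-format text by whether it has noexec and whether the kernel release falls at or after the 2.4.25 / 2.6.0 cutoff. The function names and the sample mount table are constructed for illustration.

```python
import re

# Cutoff taken from the mount(8) text quoted in the post:
# the loader trick "fails since Linux 2.4.25 / 2.6.0".

def loader_trick_blocked(release):
    """True if this kernel release is at or past the quoted cutoff."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = (int(g) if g else 0 for g in m.groups())
    if (major, minor) == (2, 4):
        return patch >= 25
    # 2.5.x development kernels are treated as not covered (conservative).
    return (major, minor) >= (2, 6)

def noexec_mounts(mounts_text):
    """Map mountpoint -> has_noexec; a later mount on the same path wins."""
    result = {}
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        # /proc/mounts escapes spaces and similar characters as octal (\040).
        mountpoint = re.sub(r"\\([0-7]{3})",
                            lambda o: chr(int(o.group(1), 8)), fields[1])
        result[mountpoint] = "noexec" in fields[3].split(",")
    return result

def audit(release, mounts_text):
    """Label each mount 'exec', 'noexec-enforced' or 'noexec-bypassable'."""
    blocked = loader_trick_blocked(release)
    report = {}
    for mountpoint, noexec in noexec_mounts(mounts_text).items():
        if not noexec:
            report[mountpoint] = "exec"
        else:
            report[mountpoint] = ("noexec-enforced" if blocked
                                  else "noexec-bypassable")
    return report

# Constructed sample input in /proc/mounts format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev 0 0
/dev/sdb1 /mnt/up\\040load ext4 rw,noexec 0 0
"""

if __name__ == "__main__":
    for path, status in audit("2.6.32-5-amd64", SAMPLE_MOUNTS).items():
        print(f"{status:18} {path}")
```

On a live system, pass `platform.release()` and the contents of `/proc/mounts` to `audit()` instead of the sample values.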