Comment 21 for bug 90085

Martino Dell'Ambrogio (tillo) wrote :

> by invoking the executable with the help of the dynamic Linux loader.

Although you are right, in real world vulnerability exploitation you often don't control much of the environment, sometimes even the way an executable gets executed.

The reason most people mount tmp with noexec is that it is world writable. Thanks to that, even services with explicit reduced rights can leverage the file system when remotely exploiting a vulnerability.

By using noexec (and nodev, nosuid...) you add security. You don't make it impossible to exploit, you make it more difficult.
Why do you think ASLR, DEP and many other protection techniques are still very much in use, while they are constantly circumvented ? Difficulty of exploitation is one of the major points of risk management. With a bit of effort, you grow the resources needed to exploit a vulnerability, which in turn makes it less likely to be exploited.

While comment #19 already stated a valid workaround for this bug, it would really be a good sign if security aware parties would join the discussion... even after 8 years.