Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!



Sahimo Hydrogen Vehicle Gets Over 1,300 mpg

AntiOrganic The real question (453 comments)

At 110 kilograms, how far will it fly when it gets T-boned by a Hummer?

more than 5 years ago

How Steam Revived a Dead Game

AntiOrganic Re:Advertising (234 comments)

With all the hype surrounding Daikatana for years prior to its release, I don't understand how anyone could accuse it of being a game with bad advertising.

more than 5 years ago

Locking Down Linux Desktops In an Enterprise?

AntiOrganic Re:You don't (904 comments)

Guess what? noexec doesn't do jack shit on the majority of Linux systems, and does not prevent anybody from running a. You know why? /lib/ld-linux.so.2. (On x86_64, there's also /lib64/ld-linux-x86-64.so.2.)

This little file is in the ELF header of basically every single ELF-format Linux binary, under a field called INTERP (you can see this by dumping a binary with readelf). Yes, even though the executable is a binary, it calls an interpreter to handle all of the run-time module loading. By a really obnoxious design decision in Linux that laughs in the face of security, this library, despite its .so extension, is executable by design and by necessity on every single Linux system in the world. And by passing it the path to a program as its arguments, you can run any binary your little heart desires, whether the filesystem is mounted noexec or not. You can't possibly turn this behavior off unless you have a system with no dynamically linked binaries.

I don't see why this binary couldn't have added a check to see whether or not the program it's passed is mounted on a noexec filesystem, but to this day, it doesn't care.

It's also one of the reasons Solaris guys didn't take the idea of "Linux security" seriously for a very, very, very long time.

Not all is lost, though. SELinux can prevent the system from invoking this directly, outside the context of a freshly-executed process. It just relies on SELinux being properly set up on your systems.

This still doesn't completely fix the problem. On many (most?) systems, a user can still get around this by abusing LD_PRELOAD to preload a library with the same name and same symbols as one being loaded by some arbitrary program they're executing. Then, instead of compiling an executable binary, they're stuffing their code into a library instead and abusing the system's module loader to execute it. (This was the source of Oracle's SA10043 advisory, among others. It's the application's responsibility to validate LD_PRELOAD, especially where privilege escalation can occur.)

It's safest just to assume that if the user can run any arbitrary program the administrator put there, they can also run any arbitrary program the user put there.

more than 5 years ago

Open Source Software For Experimental Physics?

AntiOrganic Re:Fermilab... (250 comments)

It's basically a customization of Red Hat Enterprise Linux.

about 6 years ago

Examining the Beginnings of the RTS Genre

AntiOrganic Battletech: The Crescent Hawk's Revenge (1989) (135 comments)

In 1989, Westwood released a little-known game called "Battletech: The Crescent Hawk's Revenge." This game developed a lot of the ideas that would later be polished in Dune 2 and, in my opinion, deserves more credit for really kicking off the genre than Dune 2 does: Dune 2 really just took the same ideas and refined them into a more successful game.


more than 6 years ago


AntiOrganic hasn't submitted any stories.


AntiOrganic has no journal entries.

Slashdot Login

Need an Account?

Forgot your password?