An easy way to remove the noexec protection from partitions
Posted: Fri Nov 16, 2012 1:36 pm
To make our life harder, Samsung decided to make all custom mounts as noexec. So you can't run a file from USB. Here is a code from their sources:
Looking at this source code - it is easy to overcome this protection. The code does the following: it checks that the device path contains a given string somewhere inside its name. So you can create your own device with mknode that contains, say, "bml" in its name - and this device would be mounted as executable.
Here is a working example, tested on my UE32ES6727:
This example uses the "none" allowed device substring.
Code: Select all
#ifdef CONFIG_MOUNT_SECURITY
/*
* Devices in this list will not be applied "noexec" option.
* All device will be applied "noexec" option to protect system security
* except some devices for system
* */
char *allowedDEV[] = {"bml", "stl", "mmcblk", "dev/root",
"proc", "rootfs", "sysfs", "tmpfs", "none",
"END" };
#endif
....
#ifdef CONFIG_MOUNT_SECURITY
/* Apply MNT_NOEXEC option except some devices for system */
numOfDev = sizeof(allowedDEV)/sizeof(allowedDEV[0]);
for( i = 0 ; i < numOfDev ; i++) {
if(strstr(dev_name, allowedDEV[i]) != NULL)
break;
}
if( i == numOfDev ) {
mnt_flags |= MNT_NOEXEC;
}
#endif
Here is a working example, tested on my UE32ES6727:
Code: Select all
mknod /tmp/loopnone b 7 9
losetup /tmp/loopnone /dtv/usb/sda1/t-mst10pdeuc.xfs
mount -o sync,exec /tmp/loopnone /mnt