ELF executables and ld-linux.so.2

Let's say you ran this command by mistake:  

[root@host]# chmod -x /bin/chmod

How can you run chmod again if the executable flag is not set ?

On Linux, when you execute an ELF executable, the kernel does some mapping and then hands the rest of process setup off to ld.so(1), which is treated somewhat like a (hardware backed) interpreter for ELF files, much like /bin/sh interprets shell scripts, perl interprets perl scripts, etc. And just like you can invoke a shell script without the executable bit via ’/bin/sh your_script’, you can do:

[root@host]# /lib/ld-linux.so.2 /bin/chmod +x /bin/chmod

or on x86_64 systems:

[root@host]# /lib64/ld-linux-x86-64.so.2 /bin/chmod +x /bin/chmod

A different way to approaching this problem is by copying the chmod file over /usr/sbin/nologin. By doing this the new nologin file, which is effectively the chmod binary will now have executable attributes:

[root@host]# cp /bin/chmod /usr/sbin/nologin
[root@host]# nologin +x /usr/sbin/chmod