|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: cron exploit?
From: Steffen Kluge (kluge
fujitsu.com.au)
Date: Wed Oct 01 2003 - 20:44:42 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Thu, 2003-10-02 at 05:08, Barry Fitzgerald wrote:
> Rule of thumb: anything that the user doesn't need to write to, mount as
> ro and only take it out of ro if necessary, mount all other
> write-required locations as nodev,nosuid,noexec...
Noexec seems to be a waste of time, at least on the Linux boxes I've
tested it. It is trivially circumvented, since it appears to be checked
only by the exec* system calls.
Something like `/lib/ld-linux.so.2 /tmp/prog' runs anything from a
noexec mounted /tmp filesystem, and is safe and easy to build into root
kits.
Nevertheless, noexec frustrates the occasional software installer
(vmware, openoffice), that extracts an install script to /tmp...
I'd be interested to hear how noexec is implemented on other Unixes, at
the moment I haven't got access to any I could play with.
Cheers
Steffen.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQA/e4MJUmpSA4kzHnARArNfAJ9nQ0yCJ+OD9JV/FlM7Fpol5FiciwCbBSsa
QqcuKb5wxW1Q9kuCgpkAQNc=
=W9jC
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]