|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Tech Support (tech
chilitech.net)Date: Wed Apr 24 2002 - 21:18:12 CDT
Even if /home isn't mounted as noexec you can still prevent it if you do it
right:
[supportshell matth]$ telnet
bash: /usr/bin/telnet: Permission denied
[supportshell matth]$ ls -l /usr/bin/telnet
-rwxr-x--- 1 root outgoing 62304 Apr 15 1999 /usr/bin/telnet
[supportshell matth]$ cp /usr/bin/telnet ~/
cp: /usr/bin/telnet: Permission denied
This is because the user "support" is not in the group "outgoing" hence they
can't do ANYTHING to that file.
~ Matt
-----Original Message-----
From: FozZy [mailto:fozzydmpfrance.com]
Sent: Wednesday, April 24, 2002 5:12 PM
To: Olaf Kirch
Cc: dravenUBBCluj.Ro; vuln-devsecurityfocus.com;
focus-linuxsecurityfocus.com
Subject: Re: /lib/ld-2.2.4.so
> You can't fix it. You can always do
>
> cp file-with-mode-444-perms ./foobar
> chmod +x foobar
> ./foobar
Well, not "always". I used to be on a system where home partitions, /tmp,
and any place where you can write something, were mounted as noexec. There
was also no compiler, etc.
But, with this trick a cracker could upload his favorite binary exploit and
easily run it.
FozZy
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]