Firewall Wizards: Re: Securing a Linux Firewall

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: Securing a Linux Firewall

From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 14:12:30 -0700

s/can/may be able to/, it depends on the ammount of space the attacker has 
to work with- also the attacker may only have write access to a 
noexec/nodev filesystem.


A noexec filesystem won't help.  Say you have /noexec mounted
with (duh) noexec.  That protects you from running

        $ /noexec/path/to/program
but not
        $ sh /noexec/path/to/shellscript
or
        $ /lib/ld-linux.so.2 /noexec/path/to/program

for example.

(Not that noexec isn't a good idea - it's just not a silver bullet.)

--
Brian Hatch                  "Enjoy your time with the
   Systems and                perpetual motion machine
   Security Engineer          you call a daughter"
www.hackinglinuxexposed.com  --Stephen Entwisle

Every message PGP signed

Attachment: _bin
Description:

By Date By Thread

Current thread:

Re: Securing a Linux Firewall, (continued)
- Re: Securing a Linux Firewall Kevin Steves (Jul 26)
- RE: Securing a Linux Firewall Bruce Platt (Jul 23)
  - RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
    - RE: Securing a Linux Firewall Paul Robertson (Jul 23)
    - Re: Securing a Linux Firewall Brian Hatch (Jul 23)
    - Re: Securing a Linux Firewall John McDermott (Jul 23)
    - Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
    - Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
    - Re: Securing a Linux Firewall Brian Hatch (Jul 23)
    - Re: Securing a Linux Firewall Carson Gaspar (Jul 24)