mailing list archives
Re: No shell => secure?
From: Valdis.Kletnieks () vt edu
Date: Fri, 09 Jul 2004 10:46:19 -0400
On Thu, 08 Jul 2004 12:04:53 +0200, Matthias Benkmann <msbREMOVE-THIS () winterdrache de> said:
I can't say I've looked at much exploit-code so far but the POC exploits
to gain root I've seen for Linux all executed /bin/sh. I'd like to know if
this is true for in-the-wild exploits to root a box, too. If so, would it
be a useful security measure to rename /bin/sh and other shells (after
making sure that everything that needs them has been updated to the new
name, of course)?
The problem is making sure that *everything* has been updated, and stays
If renaming the shell is not enough, how about renaming all of the
standard Unix top-level directories (such as /bin, /etc,...)? Would that
defeat standard exploits to root a box?
It would also defeat standard ways to install patches and so on. Don't
forget to grep all your shared libraries (hint - how many places doe
glibc look in /etc for stuff?)
Unless it's an embedded system that only needs like 6 binaries to do its
job, you will go nuts trying to maintain it.