Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: No shell => secure?
From: Valdis.Kletnieks () vt edu
Date: Fri, 09 Jul 2004 10:46:19 -0400

On Thu, 08 Jul 2004 12:04:53 +0200, Matthias Benkmann <msbREMOVE-THIS () winterdrache de>  said:
I can't say I've looked at much exploit-code so far but the POC exploits
to gain root I've seen for Linux all executed /bin/sh. I'd like to know if
this is true for in-the-wild exploits to root a box, too. If so, would it
be a useful security measure to rename /bin/sh and other shells (after
making sure that everything that needs them has been updated to the new
name, of course)?

The problem is making sure that *everything* has been updated, and stays
updated.

If renaming the shell is not enough, how about renaming all of the
standard Unix top-level directories (such as /bin, /etc,...)? Would that
defeat standard exploits to root a box?

It would also defeat standard ways to install patches and so on.  Don't
forget to grep all your shared libraries (hint - how many places doe
glibc look in /etc for stuff?)

Unless it's an embedded system that only needs like 6 binaries to do its
job, you will go nuts trying to maintain it.

Attachment: _bin
Description:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]