Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: a secure base system
From: Thomas Sjögren <thomas () northernsecurity net>
Date: Tue, 16 Mar 2004 18:07:52 +0100

On Mon, Mar 15, 2004 at 09:38:06PM +0100, Tobias Weisserth wrote:
$ readelf -l /bin/bash | grep interpreter
      [Requesting program interpreter: /lib/ld-linux.so.2]

$ /lib/ld-linux.so.2 /bin/bash --version
GNU bash, version 2.05b.0(1)-release (i386-redhat-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.

Well, at least the noexec option for /tmp prevents 99% of available
ready-to-run exploits and root kits to execute properly, since they were
written to run from within /tmp. I guess this takes care of most of the
simple "script-kiddies". But you're right. I doesn't really "solve" the
problem. But it raises the bar because exploits have to be adapted and
luckily not everybody is able to do this.

http://linux.bkbits.net:8080/linux-2.4/cset () 1 1267 1 85
                             ^^^^^^^^^
"This patch submitted by Ullrich Drepper to 2.6 last week fixes the
behaviour of 'noexec' mounted partitions. Up until now it was possible
to circumvent the 'noexec' flag and run binaries off a 'noexec' partition
by using ld-linux.so.2 or any other executable loader. This patch allows to
properly honour the 'noexec' behaviour."

and setting /tmp noexec under Debian will probably break apt
(section 4.9.1,
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9)

/Thomas
-- 
== thomas () northernsecurity net | thomas () se linux org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault