Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: pgp passphrase
From: Tomasz Konefal <twkonefal () compt com>
Date: Mon, 22 Mar 2004 12:03:05 -0500

Jim Richardson wrote:
On Sun, Mar 21, 2004 at 09:49:29AM +0100, Cedric Blancher wrote:
Le dim 21/03/2004 à 02:04, Jim Richardson a écrit :

>Keylogger ?
Installed how?
With the worm...
Where? /home is mounted noexec.

no problem, see here:

http://lists.netsys.com/pipermail/full-disclosure/2004-January/015143.html

"The ability to load a new process image without the direct aid of the kernel is important in many scenarios. For example: a program (e.g. shellcode) could load a binary off the wire and execute it without first creating a copy on disk; or, a program could extract a binary from an encrypted data store and execute it without creating a plain text image on the disk. Userland exec is useful for any situation where it is preferable not to create a file on the disk when executing a program."

cheers,
  twkonefal


--
Tomasz Konefal
Systems Administrator
Command Post and Transfer Corp.
416-585-9995 x.349

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault