|
Security Incidents
mailing list archives
Re: cron exploit?
From: Steffen Kluge <kluge () fujitsu com au>
Date: Thu, 02 Oct 2003 11:44:42 +1000
On Thu, 2003-10-02 at 05:08, Barry Fitzgerald wrote:
Rule of thumb: anything that the user doesn't need to write to, mount as
ro and only take it out of ro if necessary, mount all other
write-required locations as nodev,nosuid,noexec...
Noexec seems to be a waste of time, at least on the Linux boxes I've
tested it. It is trivially circumvented, since it appears to be checked
only by the exec* system calls.
Something like `/lib/ld-linux.so.2 /tmp/prog' runs anything from a
noexec mounted /tmp filesystem, and is safe and easy to build into root
kits.
Nevertheless, noexec frustrates the occasional software installer
(vmware, openoffice), that extracts an install script to /tmp...
I'd be interested to hear how noexec is implemented on other Unixes, at
the moment I haven't got access to any I could play with.
Cheers
Steffen.
Attachment:
signature.asc
Description: This is a digitally signed message part
 By Date 
By Thread
Current thread:
|
Intro
