|
Vulnerability Development
mailing list archives
Re: Thwarting /bin/bash, an anti-overflow concept ?
From: "Vlad Tsyrklevich" <vlad () sig11 zemos net>
Date: Sat, 10 Jan 2004 8:18:14 -0000
Ofcourse we could rename /bin/bash to /bin/whatever_we_want, and thus add
some security by obscurity, but the next exploit is going to cat
/etc/shells or /etc/passwd, and then the attacker knows the name of the
shell.
When you said this I thought why nobody has done this and created a beta
that reads /etc/shells to
find the first "/" and execute it (A bug being currently even if it resides
in a comment). It's 96
bytes (Pretty big) and has been tested on 2.4 and 2.6 kernels', later on I
may add checking to it
so that it doesn't get fooled by comments.
$ ./shells
Shellcode = 96 bytes
[/home/vlad/test/shells]$
http://sig11.zemos.net/vlad/shells.c
http://sig11.zemos.net/vlad/shells.asm
 By Date 
By Thread
Current thread:
|
Intro
