On Fri, Jan 12, 2007 at 02:22:48PM +0100, Sven Arvidsson wrote: > On Thu, 2007-01-11 at 18:52 -0500, Roberto C. Sanchez wrote: > > Yup. While that will thwart the most naïve of attacks, put a binary > > (not a script) in there (something like ls works) and run this: > > > > /lib/ld-linux.so.2 /tmp/ls > > That is actually not possible if you have a recent linux kernel. > What kernel? I am running 2.6.17.
> "Newer versions of the kernel do however handle the noexec flag > properly: > > angrist:/tmp# mount | grep /tmp > /dev/hda3 on /tmp type ext3 (rw,noexec,nosuid,nodev) > angrist:/tmp# ./date > bash: ./tmp: Permission denied > angrist:/tmp# /lib/ld-linux.so.2 ./date > ./date: error while loading shared libraries: ./date: failed > to map segment > from shared object: Operation not permitted" > > http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.10 > > There might still be an easy way around that of course. > Probably so. Regards, -Roberto -- Roberto C. Sanchez http://people.connexer.com/~roberto http://www.connexer.com
signature.asc
Description: Digital signature
