On Tue, 2 May 2006 15:49:26 +0400, Anton Karpov wrote: >Imagine the typical situation: an attacker get non-root access to your >system, maybe due to the hole in your network daemon foobard, maybe due to >the badly coded cgi, or maybe he is a legitimate shell user. The next his >step is to get full privileges, e.g. root account. Let suppose he has a l33t >pr1v4t3 spl01t which exploits local vulnerability in your system. He >transfers source code to your box, and, with compiler onboard, he ./0wns >you. >But what if your system has no compiler? When attacker should compile his >sploit anywhere, and transfer binary evil code onto your box. E.g. he has to >have access to the similar machine, maybe with similas OS version and arch. >He has to transfer binary to your box properly, leaving your logfiles silent >(it's not so easy to transfer binary file, like text one: cat > sploit.c ^D, >right?). Anyhow, it TAKES TIME for him to do the job. >Maybe, that's why people think box without compiler is a little bit safer?
Stop dreaming up loads of crap, please. You don't even have the logical consistency to evaluate the bullshit you are spreading as pretended questions. If you had any clues at all you would recognise the falaciousness of your theoretical trolling and not hit the send key. If the mythical attacker does not know your arch and OS/version he won't have an exploit. If he can break in as a lowly user uname -a will tell him what it is anyway. And don't tell me we should disable that command or cause it to lie because then I'll shoot you down another way. There are a couple of people around here that you should form a little club with. They blow in and out regularly with fantasies of exploits and dreams of wonderful ways to prevent them. They provide some easy targets for people without a sense of humour regarding clowns. Back to the circus, Anton, you ain't funny any more. Pathetic is more like it. > >2006/5/2, Nick Holland <[EMAIL PROTECTED]>: >> >> Anton Karpov wrote: >> > Maybe, because in some cases, it just takes a bit more time to 0wn your >> box >> > if it has no compiler installed. >> >> Bull. >> >> I've never heard of someone taking over a box using a compiler. After >> all, >> the compiler is not exposed to the outside world. At most, they build >> some >> tools on the system AFTER the takeover. But that's hardly the only way to >> get those tools on the system. >> >> scp works very nicely. >> ftp works very nicely. >> http works very nicely. >> >> After all...why download and compile tools when you can just download the >> pre-compiled tools? If you can't download the pre-compiled binaries, you >> won't be downloading the source, either. > > >From the land "down under": Australia. Do we look <umop apisdn> from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
