Firewall Wizards mailing list archives

Re: Securing a Linux Firewall


From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 14:12:30 -0700



s/can/may be able to/, it depends on the amount of space the attacker has 
to work with - also the attacker may only have write access to a 
noexec/nodev filesystem.

A noexec filesystem won't help.  Say you have /noexec mounted
with (duh) noexec.  That protects you from running

        $ /noexec/path/to/program
but not
        $ sh /noexec/path/to/shellscript
or
        $ /lib/ld-linux.so.2 /noexec/path/to/program

for example.

(Not that noexec isn't a good idea - it's just not a silver bullet.)

--
Brian Hatch                  "Enjoy your time with the
   Systems and                perpetual motion machine
   Security Engineer          you call a daughter"
www.hackinglinuxexposed.com  --Stephen Entwisle

Every message PGP signed
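
Added example (not part of the original message, and not its author's code): since noexec does not stop an interpreter or the dynamic loader from being handed a file, a monitor can flag process command lines of exactly that shape. The mount table, command lines, interpreter list and function names below are constructed assumptions.

```python
import posixpath
import shlex

# Constructed /proc/mounts excerpt and command lines (sample data, not from the post).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda5 /noexec ext3 rw,noexec,nodev 0 0
/dev/sda6 /noexec/tools ext3 rw 0 0
"""
SAMPLE_CMDLINES = [
    "sh /noexec/path/to/shellscript",
    "/lib/ld-linux.so.2 /noexec/path/to/program",
    "sh /noexec/tools/build.sh",             # nested mount without noexec
    "/bin/cat /noexec/path/to/shellscript",  # reads the file, does not run it
]
# Assumed interpreter list; extend it for the hosts being monitored.
INTERPRETERS = {"sh", "bash", "dash", "perl", "python", "python3", "ruby"}

def parse_mounts(text):
    """Return {mount_point: set(options)} from /proc/mounts-style text."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            mounts[fields[1]] = set(fields[3].split(","))
    return mounts

def is_noexec(path, mounts):
    """True if the longest mount point containing path is mounted noexec."""
    path = posixpath.normpath(path)
    owners = [m for m in mounts
              if path == m or path.startswith(m.rstrip("/") + "/")]
    return bool(owners) and "noexec" in mounts[max(owners, key=len)]

def indirect_exec_target(cmdline, mounts):
    """Return the noexec path handed to an interpreter or ld.so, else None."""
    argv = shlex.split(cmdline)
    prog = posixpath.basename(argv[0]) if argv else ""
    if prog not in INTERPRETERS and not prog.startswith(("ld-linux", "ld.so")):
        return None
    for arg in argv[1:]:
        # Only absolute paths are checked; relative ones need the process cwd.
        if arg.startswith("/") and is_noexec(arg, mounts):
            return posixpath.normpath(arg)
    return None

if __name__ == "__main__":
    table = parse_mounts(SAMPLE_MOUNTS)
    for cmd in SAMPLE_CMDLINES:
        print(cmd, "->", indirect_exec_target(cmd, table))
```

mount(8) documents that the /lib/ld*.so form fails since Linux 2.4.25 / 2.6.0; the interpreter form is unaffected, so the check remains useful on current kernels.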
