Full Disclosure mailing list archives

Re: a secure base system


From: Thomas Sjögren <thomas () northernsecurity net>
Date: Tue, 16 Mar 2004 18:07:52 +0100

On Mon, Mar 15, 2004 at 09:38:06PM +0100, Tobias Weisserth wrote:
$ readelf -l /bin/bash | grep interpreter
      [Requesting program interpreter: /lib/ld-linux.so.2]

$ /lib/ld-linux.so.2 /bin/bash --version
GNU bash, version 2.05b.0(1)-release (i386-redhat-linux-gnu)
Copyright (C) 2002 Free Software Foundation, Inc.

Well, at least the noexec option for /tmp prevents 99% of available
ready-to-run exploits and root kits to execute properly, since they were
written to run from within /tmp. I guess this takes care of most of the
simple "script-kiddies". But you're right. It doesn't really "solve" the
problem. But it raises the bar because exploits have to be adapted and
luckily not everybody is able to do this.

http://linux.bkbits.net:8080/linux-2.4/cset@1.1267.1.85
                             ^^^^^^^^^
"This patch submitted by Ullrich Drepper to 2.6 last week fixes the
behaviour of 'noexec' mounted partitions. Up until now it was possible
to circumvent the 'noexec' flag and run binaries off a 'noexec' partition
by using ld-linux.so.2 or any other executable loader. This patch allows to
properly honour the 'noexec' behaviour."

and setting /tmp noexec under Debian will probably break apt
(section 4.9.1,
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9)

/Thomas
-- 
== thomas () northernsecurity net | thomas () se linux org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
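
The loader invocation shown in the message above can be watched for on kernels that lack the fix. The sketch below is an added example, not part of the original post or of any project mentioned in it: it flags process command lines that start a program through the dynamic loader when that program sits on a `noexec` mount. The mount table, the sample command lines, the loader name patterns and all function names are assumptions made for illustration.

```python
import fnmatch
import posixpath
import shlex

# Constructed sample in /proc/mounts format (not from a real host).
SAMPLE_MOUNTS = """\
/dev/hda1 / ext3 rw 0 0
/dev/hda2 /tmp ext3 rw,nosuid,nodev,noexec 0 0
/dev/hda5 /tmp/build ext3 rw 0 0
tmpfs /dev/shm tmpfs rw,noexec 0 0
"""
# Assumed basename patterns for the glibc loader; extend per distribution.
LOADER_PATTERNS = ("ld-linux*.so*", "ld.so*", "ld-[0-9]*.so")
# ld.so options that consume the following argument.
VALUE_OPTS = {"--library-path", "--inhibit-rpath", "--audit", "--preload", "--argv0"}


def parse_mounts(text):
    """Map each mount point to its set of mount options."""
    rows = (line.split() for line in text.splitlines())
    return {f[1]: set(f[3].split(",")) for f in rows if len(f) >= 4}


def on_noexec(path, table):
    """True if the longest mount point containing path carries noexec."""
    owners = [m for m in table if path == m or path.startswith(m.rstrip("/") + "/")]
    return bool(owners) and "noexec" in table[max(owners, key=len)]


def loader_target(cmdline):
    """Return the program a loader invocation would run, else None."""
    argv = shlex.split(cmdline)
    if not argv or not any(fnmatch.fnmatchcase(posixpath.basename(argv[0]), p)
                           for p in LOADER_PATTERNS):
        return None
    args = iter(argv[1:])
    for arg in args:
        if arg in VALUE_OPTS:
            next(args, None)          # skip the option's value
        elif not arg.startswith("-"):
            return arg                # first non-option word is the program
    return None


def flag_exec(cmdline, cwd, table):
    """Return the normalised program path if it sits on a noexec mount."""
    target = loader_target(cmdline)
    if target is None:
        return None
    # Lexical normalisation only; symlinks are not resolved here.
    path = "/" + posixpath.normpath(posixpath.join(cwd, target)).lstrip("/")
    return path if on_noexec(path, table) else None
```

Feed `flag_exec` the command line and working directory from your process-execution logs, with `parse_mounts` applied to the host's own `/proc/mounts`; a non-`None` result is the path to investigate.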
