Security Incidents mailing list archives
Re: Suspicious files in /tmp
From: Valdis.Kletnieks () vt edu
Date: Wed, 20 Jun 2007 12:47:23 -0400
On Tue, 19 Jun 2007 13:33:21 +1200, Robin Sheat said:
I think it's also the case (I don't have a noexec partition handy to test on) that you can get around this by doing something like: /lib/ld-linux.so.2 /tmp/mybadbinary e.g.: /lib/ld-linux.so.2 /bin/ls
This particular trick was closed in the 2.6.0 kernel. I am *not* sure whether the fix was backported to the 2.4 kernel or not.
Attachment:
_bin
Description:
Current thread:
- Suspicious files in /tmp kladizkov.thehome (Jun 18)
- Re: Suspicious files in /tmp Matt D. Harris (Jun 18)
- Re: Suspicious files in /tmp Michal Zalewski (Jun 19)
- Re: Suspicious files in /tmp Matt D. Harris (Jun 19)
- Re: Suspicious files in /tmp Michal Zalewski (Jun 19)
- Message not available
- Re: Suspicious files in /tmp Michal Zalewski (Jun 20)
- Re: Suspicious files in /tmp Michal Zalewski (Jun 19)
- Re: Suspicious files in /tmp Matt D. Harris (Jun 18)
- Re: Suspicious files in /tmp Rainer Duffner (Jun 19)
- Re: Suspicious files in /tmp Rainer Duffner (Jun 19)
- Re: Suspicious files in /tmp Robin Sheat (Jun 19)
- Re: Suspicious files in /tmp Valdis . Kletnieks (Jun 20)
- RE: Suspicious files in /tmp Thyago Braga da Silva (Jun 21)
- RE: Suspicious files in /tmp kaneda (Jun 21)
- Re: Suspicious files in /tmp Eduardo Tongson (Jun 22)
- Re: Suspicious files in /tmp Cy Schubert (Jun 21)
- <Possible follow-ups>
- Re: Suspicious files in /tmp Juha-Matti Laurio (Jun 19)