Firewall Wizards mailing list archives
Re: Securing a Linux Firewall
From: Brian Hatch <firewall-wizards () ifokr org>
Date: Tue, 23 Jul 2002 14:12:30 -0700
s/can/may be able to/, it depends on the ammount of space the attacker has to work with- also the attacker may only have write access to a noexec/nodev filesystem.
A noexec filesystem won't help. Say you have /noexec mounted with (duh) noexec. That protects you from running $ /noexec/path/to/program but not $ sh /noexec/path/to/shellscript or $ /lib/ld-linux.so.2 /noexec/path/to/program for example. (Not that noexec isn't a good idea - it's just not a silver bullet.) -- Brian Hatch "Enjoy your time with the Systems and perpetual motion machine Security Engineer you call a daughter" www.hackinglinuxexposed.com --Stephen Entwisle Every message PGP signed
Attachment:
_bin
Description:
Current thread:
- Re: Securing a Linux Firewall, (continued)
- Re: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Mordechai T. Abzug (Jul 23)
- Re: Securing a Linux Firewall Frank Knobbe (Jul 23)
- Re: Securing a Linux Firewall Ng Pheng Siong (Jul 24)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall Frederick M Avolio (Jul 23)
- RE: Securing a Linux Firewall Carson Gaspar (Jul 23)
- RE: Securing a Linux Firewall Paul Robertson (Jul 23)
- Re: Securing a Linux Firewall Brian Hatch (Jul 23)
- Re: Securing a Linux Firewall John McDermott (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)
- Re: Securing a Linux Firewall Marcus J. Ranum (Jul 23)