Full Disclosure mailing list archives

Re: No shell => secure?


From: Valdis.Kletnieks () vt edu
Date: Fri, 09 Jul 2004 10:46:19 -0400

On Thu, 08 Jul 2004 12:04:53 +0200, Matthias Benkmann <msbREMOVE-THIS () winterdrache de>  said:
I can't say I've looked at much exploit-code so far but the POC exploits
to gain root I've seen for Linux all executed /bin/sh. I'd like to know if
this is true for in-the-wild exploits to root a box, too. If so, would it
be a useful security measure to rename /bin/sh and other shells (after
making sure that everything that needs them has been updated to the new
name, of course)?

The problem is making sure that *everything* has been updated, and stays
updated.

If renaming the shell is not enough, how about renaming all of the
standard Unix top-level directories (such as /bin, /etc,...)? Would that
defeat standard exploits to root a box?

It would also defeat standard ways to install patches and so on.  Don't
forget to grep all your shared libraries (hint - how many places does
glibc look in /etc for stuff?)

Unless it's an embedded system that only needs like 6 binaries to do its
job, you will go nuts trying to maintain it.
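The maintenance problem Valdis describes starts with an inventory: before renaming a shell or a top-level directory you would have to know every file on the box that has the old path baked in. The script below is an added example, not code from the thread or from any of its posters; it uses only `grep` and `find`-style tools to count files under a directory that contain a literal path string, and it builds a small constructed tree (a text file, a shell script, a fake binary with embedded strings) so it runs offline. On a real system you would point it at `/lib`, `/usr/lib`, `/sbin` and so on; the count is a lower bound, since paths assembled at runtime never show up as a literal string.

```shell
#!/bin/sh
# Added example: audit a directory tree for files that embed a hard-coded
# path (e.g. /bin/sh or /etc/) to estimate what would break if that path
# were renamed. Not part of the original mailing-list post.

# find_hardcoded_refs DIR PATTERN
#   Print every file under DIR whose contents contain the literal PATTERN.
#   -r recurse, -l list matching files only, -a treat binaries as text,
#   -F match a fixed string rather than a regular expression.
find_hardcoded_refs() {
    grep -rlaF -- "$2" "$1" 2>/dev/null
}

# count_hardcoded_refs DIR PATTERN
#   Number of files under DIR that reference PATTERN (printed to stdout).
count_hardcoded_refs() {
    find_hardcoded_refs "$1" "$2" | wc -l | tr -d ' '
}

# build_demo_tree
#   Create a constructed sample tree and print its path. The contents are
#   made up for the demonstration; none of it is a real system binary.
build_demo_tree() {
    d=$(mktemp -d)
    # plain text, no path references
    printf 'hello world\n' > "$d/plain.txt"
    # shell script with a shebang: would break if /bin/sh were renamed
    printf '#!/bin/sh\necho hi\n' > "$d/script.sh"
    # fake ELF-like blob with NUL-separated strings, as a stripped binary
    # or shared library would carry them
    printf 'ELF\177 /bin/sh\000/etc/ld.so.cache\000' > "$d/fake-binary"
    printf '%s\n' "$d"
}

# Stand-alone run: report how many files in the constructed tree reference
# each path, then clean up. (Expected: 2 for /bin/sh, 1 for /etc/.)
demo_dir=$(build_demo_tree)
echo "files referencing /bin/sh: $(count_hardcoded_refs "$demo_dir" /bin/sh)"
echo "files referencing /etc/:   $(count_hardcoded_refs "$demo_dir" /etc/)"
rm -rf "$demo_dir"
```

`grep -a` is what makes this work on shared libraries and stripped executables: without it, grep reports "binary file matches" and `-l` still lists the file on most implementations, but `-a` keeps the behaviour consistent across GNU and BSD grep. Running the same count for every path you intend to rename, and re-running it after each package update, is the "stays updated" part of the problem.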
