Full Disclosure mailing list archives
Re: a secure base system
From: Thomas Sjögren <thomas () northernsecurity net>
Date: Tue, 16 Mar 2004 18:07:52 +0100
On Mon, Mar 15, 2004 at 09:38:06PM +0100, Tobias Weisserth wrote:
$ readelf -l /bin/bash | grep interpreter [Requesting program interpreter: /lib/ld-linux.so.2] $ /lib/ld-linux.so.2 /bin/bash --version GNU bash, version 2.05b.0(1)-release (i386-redhat-linux-gnu) Copyright (C) 2002 Free Software Foundation, Inc.Well, at least the noexec option for /tmp prevents 99% of available ready-to-run exploits and root kits to execute properly, since they were written to run from within /tmp. I guess this takes care of most of the simple "script-kiddies". But you're right. I doesn't really "solve" the problem. But it raises the bar because exploits have to be adapted and luckily not everybody is able to do this.
http://linux.bkbits.net:8080/linux-2.4/cset@1.1267.1.85 ^^^^^^^^^ "This patch submitted by Ullrich Drepper to 2.6 last week fixes the behaviour of 'noexec' mounted partitions. Up until now it was possible to circumvent the 'noexec' flag and run binaries off a 'noexec' partition by using ld-linux.so.2 or any other executable loader. This patch allows to properly honour the 'noexec' behaviour." and setting /tmp noexec under Debian will probably break apt (section 4.9.1, http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9) /Thomas -- == thomas () northernsecurity net | thomas () se linux org == Encrypted e-mails preferred | GPG KeyID: 114AA85C --
Attachment:
signature.asc
Description: Digital signature
Current thread:
- Re: Re: Re: a secure base system, (continued)
- Re: Re: Re: a secure base system martin f krafft (Mar 15)
- Re: a secure base system gadgeteer (Mar 15)
- Re: a secure base system Nico Golde (Mar 15)
- Re: a secure base system Stephen Clowater (Mar 15)
- Re: a secure base system Tobias Weisserth (Mar 15)
- Re: a secure base system Alexander Bartolich (Mar 15)
- Re: a secure base system Valdis . Kletnieks (Mar 15)
- Re: a secure base system martin f krafft (Mar 15)
- Re: Re: a secure base system Tobias Weisserth (Mar 15)
- Re: a secure base system Alexander Bartolich (Mar 15)
- Re: a secure base system Tobias Weisserth (Mar 15)
- Re: a secure base system Thomas Sjögren (Mar 16)
- Re: a secure base system martin f krafft (Mar 16)
- Re: a secure base system Yusuf Wilajati Purna (Mar 22)