Re: Suspicious files in /tmp

["Eduardo Tongson" <propolice () gmail com>]

On 6/22/07, kaneda () bohater net <kaneda () bohater net> wrote:
> On Wed, 20 Jun 2007, Thyago Braga da Silva wrote:
>
> :] A binary which you have NOT permission to execute but only to read, it can
> :] be executed.
>
> Morning...
>
> On 2.6 kernel its not possible JUST run directly from noexec partition:
<...>

Don't be misinformed. Vanilla 2.6.xx is not completely protected. On
2.6.20 you can
still run files on noexec mounts with ld-linux. You only need read access.

Get http://rootshell.be/~tongson/hello.bin. Save to a noexec mount.
$ /lib/ld-linux.so.2 /dev/shm/hello.bin
Hello world!

Regards, E

-------------------------------------------------------------------------
This list sponsored by: SPI Dynamics

ALERT: .How a Hacker Launches a SQL Injection Attack!.- White Paper 
It's as simple as placing additional SQL commands into a Web Form input box 
giving hackers complete access to all your backend systems! Firewalls and IDS 
will not stop such attacks because SQL Injections are NOT seen as intruders. 
Download this *FREE* white paper from SPI Dynamics for a complete guide to protection! 

https://download.spidynamics.com/1/ad/sql.asp?Campaign_ID=70160000000Cn8E
--------------------------------------------------------------------------