Vulnerability Development mailing list archives
Re: Remote exploitation of network scanners?
From: Peter Pentchev <roam () ORBITEL BG>
Date: Sat, 2 Sep 2000 16:17:03 +0300
On Thu, Aug 31, 2000 at 01:37:05PM +0200, Bluefish (P.Magnusson) wrote:
I'm not overly familiar with this "Snoop" or any other of these scanners, but.... Can't they be placed inside some kind of home-made containment (sandbox, or what ever word you prefere). Such as chrooting, dropping capability to chroot and so on. [would be better if the developers themselves adding this to their scanners, but until then]
In that regard.. I just had a funny idea - how about a application preloader or something that intercepts syscalls and/or library function calls, and when the time comes (configurable), drops privileges? setuid(nobody) and stuff? Configurable on a per-application basis, as to just when the time has come - e.g. after a socket(), or after a bind(), or something like that.. Has anybody thought along those lines? Is there something already out there, or should I try to tackle this as an exercise in messing with the loader? :) (And yes, I am aware of the portability problems in intercepting syscalls.. I might just as well give it a try, based on strace, and fbsd's ktrace.. or something..) G'luck, Peter -- When you are not looking at it, this sentence is in Spanish.
Current thread:
- Re: Remote exploitation of network scanners? Domenico De Vitto (Sep 01)
- Re: Remote exploitation of network scanners? Bluefish (P.Magnusson) (Sep 01)
- <Possible follow-ups>
- Re: Remote exploitation of network scanners? Peter Pentchev (Sep 02)
- Re: Remote exploitation of network scanners? Andrew Scott Reisse (Sep 02)
- Re: Remote exploitation of network scanners? Peter Pentchev (Sep 02)
- Re: Remote exploitation of network scanners? Andrew Scott Reisse (Sep 02)