RE: /lib/ld-2.2.4.so

["Tech Support" <tech () chilitech net>]

Even if /home isn't mounted as noexec you can still prevent it if you do it
right:
[support@shell matth]$ telnet
bash: /usr/bin/telnet: Permission denied
[support@shell matth]$ ls -l /usr/bin/telnet
-rwxr-x---   1 root     outgoing    62304 Apr 15  1999 /usr/bin/telnet
[support@shell matth]$ cp /usr/bin/telnet ~/
cp: /usr/bin/telnet: Permission denied

This is because the user "support" is not in the group "outgoing" hence they
can't do ANYTHING to that file.

~ Matt
-----Original Message-----
From: FozZy [mailto:fozzy () dmpfrance com]
Sent: Wednesday, April 24, 2002 5:12 PM
To: Olaf Kirch
Cc: draven () UBBCluj Ro; vuln-dev () securityfocus com;
focus-linux () securityfocus com
Subject: Re: /lib/ld-2.2.4.so


> You can't fix it. You can always do
>
>       cp file-with-mode-444-perms ./foobar
>       chmod +x foobar
>       ./foobar

Well, not "always". I used to be on a system where home partitions, /tmp,
and any place where you can write something, were mounted as noexec. There
was also no compiler, etc.
But, with this trick a cracker could upload his favorite binary exploit and
easily run it.

FozZy