Vulnerability Development mailing list archives
Re: Thwarting /bin/bash, an anti-overflow concept ?
From: Valdis.Kletnieks () vt edu
Date: Wed, 07 Jan 2004 14:22:27 -0500
On Wed, 07 Jan 2004 13:39:44 +0100, Alex =?iso-8859-1?Q?Sch=FCtz?= <antitrack_legend () chello at> said:
However, if we do not have any shell, what is going to happen ? There's no /bin/bash to call, thus, the exploit will surely crash some application, but its final goal will be thwarted.
Feel free to recode /etc/inittab so it doesn't call /etc/rc.sysinit. That's a shell script and won't work very well without a shell handy. Running without a shell is actually doable in the embedded environment, where they often boot with 'init=/bin/system_driver_program'. However, if you're not an embedded system, you may need a shell :)
Attachment:
_bin
Description:
Current thread:
- Any takers? Revisiting mremap() Jeremy Junginger (Jan 06)
- Message not available
- Thwarting /bin/bash, an anti-overflow concept ? Alex Schütz (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Josh Bressers (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Bruno Lustosa (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Kenneth Peiruza (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? security (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Gerardo Richarte (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Valdis . Kletnieks (Jan 07)
- Thwarting /bin/bash, an anti-overflow concept ? Alex Schütz (Jan 07)
- Message not available