Vulnerability Development mailing list archives
Re: Thwarting /bin/bash, an anti-overflow concept ?
From: Bruno Lustosa <bruno () lustosa net>
Date: Wed, 7 Jan 2004 14:47:03 -0200
* Alex Schütz <antitrack_legend () chello at> [07-01-2004 14:14]:
Anyhow, if we delete all shells... how safe are we, then ? (Ignoring the case that crontab might not work anymore...)
Apart from crontab, what if you ever need to do some remote or local maintenance on the server? How are you going to do it? And not only crontab, lots of programs on the system are in fact shell or other scripts, and they would also break. Even then, if I can run code of my choice, I could open a socket on any port, and get whatever is sent on that port and pass it throught to exec() and similar functions. It will for sure cause more trouble than it would be worth. -- Bruno Lustosa, aka Lofofora | Email: bruno () lustosa net Network Administrator/Web Programmer | ICQ UIN: 1406477 Rio de Janeiro - Brazil |
Attachment:
_bin
Description:
Current thread:
- Any takers? Revisiting mremap() Jeremy Junginger (Jan 06)
- Message not available
- Thwarting /bin/bash, an anti-overflow concept ? Alex Schütz (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Josh Bressers (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Bruno Lustosa (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Kenneth Peiruza (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? security (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Gerardo Richarte (Jan 07)
- Re: Thwarting /bin/bash, an anti-overflow concept ? Valdis . Kletnieks (Jan 07)
- Thwarting /bin/bash, an anti-overflow concept ? Alex Schütz (Jan 07)
- Message not available