Incidents
Suspicious files in /tmp Jun 16 2007 06:13PM
kladizkov.thehome (kladizkov thehome gmail com) (3 replies)
Re: Suspicious files in /tmp Jun 18 2007 05:12PM
Jamie Riden (jamie riden gmail com)
Re: Suspicious files in /tmp Jun 18 2007 05:08PM
Jamie Riden (jamie riden gmail com)
Re: Suspicious files in /tmp Jun 18 2007 04:47PM
Matt D. Harris (mdh solitox net) (5 replies)
Re: Suspicious files in /tmp Jun 21 2007 11:38AM
Remko Lodder (remko elvandar org) (1 replies)
Re: Suspicious files in /tmp Jun 21 2007 08:05PM
Cy Schubert (Cy Schubert komquats com)
Re: Suspicious files in /tmp Jun 19 2007 01:33AM
Robin Sheat (robin kallisti net nz) (1 replies)
On Tuesday 19 June 2007 04:47:13 Matt D. Harris wrote:
> They're being executed despite filesystem mount options because the
> script isn't being executed, the perl interpretter is.  The script is
> being read and interpretted by the perl interpretter.
I think it's also the case (I don't have a noexec partition handy to test on)
that you can get around this by doing something like:
/lib/ld-linux.so.2 /tmp/mybadbinary
e.g.:
/lib/ld-linux.so.2 /bin/ls

noexec is at best an annoyance to an attacker rather than a real security
measure. Of course, it would be nice to see a check in interpreters just to
make things that much trickier.

--
Robin <robin (at) kallisti.net (dot) nz [email concealed]> JabberID: <eythian (at) jabber.kallisti.net (dot) nz [email concealed]>

Hostes alienigeni me abduxerunt. Qui annus est?

PGP Key 0xA99CEB6D = 5957 6D23 8B16 EFAB FEF8 7175 14D3 6485 A99C EB6D
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGdzJiFNNkhamc620RAoqTAJ9docaBp76R5GJrrBPvUgKCukVIPACcC4os
V7gvmEmb8vwvo/Se+ueP1cc=
=uwwI
-----END PGP SIGNATURE-----

[ reply ]
Re: Suspicious files in /tmp Jun 20 2007 04:47PM
Valdis Kletnieks vt edu (1 replies)
RE: Suspicious files in /tmp Jun 20 2007 11:06PM
Thyago Braga da Silva (tbraga gasecurity com br) (1 replies)
RE: Suspicious files in /tmp Jun 21 2007 05:09PM
kaneda bohater net (1 replies)
Re: Suspicious files in /tmp Jun 22 2007 12:19AM
Eduardo Tongson (propolice gmail com)
Re: Suspicious files in /tmp Jun 19 2007 12:23AM
Rainer Duffner (rainer ultra-secure de)
Re: Suspicious files in /tmp Jun 19 2007 12:17AM
Rainer Duffner (rainer ultra-secure de)
Re: Suspicious files in /tmp Jun 18 2007 09:32PM
Michal Zalewski (lcamtuf dione ids pl) (1 replies)
Re: Suspicious files in /tmp Jun 19 2007 12:37AM
Matt D. Harris (mdh solitox net)


 

Privacy Statement
Copyright 2010, SecurityFocus