lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <20040316170752.GA16817@northernsecurity.net>
From: thomas at northernsecurity.net (Thomas Sjögren)
Subject: a secure base system

On Mon, Mar 15, 2004 at 09:38:06PM +0100, Tobias Weisserth wrote:
> > $ readelf -l /bin/bash | grep interpreter
> >       [Requesting program interpreter: /lib/ld-linux.so.2]
> > 
> > $ /lib/ld-linux.so.2 /bin/bash --version
> > GNU bash, version 2.05b.0(1)-release (i386-redhat-linux-gnu)
> > Copyright (C) 2002 Free Software Foundation, Inc.
> 
> Well, at least the noexec option for /tmp prevents 99% of available
> ready-to-run exploits and root kits to execute properly, since they were
> written to run from within /tmp. I guess this takes care of most of the
> simple "script-kiddies". But you're right. I doesn't really "solve" the
> problem. But it raises the bar because exploits have to be adapted and
> luckily not everybody is able to do this.

http://linux.bkbits.net:8080/linux-2.4/cset@...267.1.85
                             ^^^^^^^^^
"This patch submitted by Ullrich Drepper to 2.6 last week fixes the
behaviour of 'noexec' mounted partitions. Up until now it was possible
to circumvent the 'noexec' flag and run binaries off a 'noexec' partition
by using ld-linux.so.2 or any other executable loader. This patch allows to
properly honour the 'noexec' behaviour."

and setting /tmp noexec under Debian will probably break apt
(section 4.9.1,
http://www.debian.org/doc/manuals/securing-debian-howto/ch4.en.html#s4.9)

/Thomas
-- 
== thomas@...thernsecurity.net | thomas@...linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
--
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 481 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20040316/fa664f4a/attachment.bin

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ