xfce.org/lunar-linux.org server nearly hacked
Brian J. Tarricone
bjt23 at cornell.edu
Tue Jul 26 22:26:02 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Auke Kok wrote:
> - Mount /tmp and world-writeable mountpoints with noexec, this will stop
> most OOTB exploits immediately as the rootkit or backdoor will fail to
Though this really doesn't help all *that* much, since the attacker can
$ /lib/libc.so.6 /tmp/really_bad_program
And voila - you can execute stuff on /tmp. Out of idle curiosity, can
you safely remove the execute bit on libc and have a functioning system?
I know in general on Linux you don't need to make shared libs
executable, but I dunno, libc may be an exception.
Anyway - Auke - a big thanks for being as security-conscious as you are.
Maybe we were "lucky" this time in that the kiddies weren't all that
bright, but it wouldn't have taken smarts if not for your security policy.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
-----END PGP SIGNATURE-----
More information about the Xfce