xfce.org/lunar-linux.org server nearly hacked
Brian J. Tarricone
bjt23 at cornell.edu
Tue Jul 26 22:26:02 CEST 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Auke Kok wrote:
> - Mount /tmp and world-writeable mountpoints with noexec, this will stop
> most OOTB exploits immediately as the rootkit or backdoor will fail to
> execute
Though this really doesn't help all *that* much, since the attacker can
just do:
$ /lib/libc.so.6 /tmp/really_bad_program
And voila - you can execute stuff on /tmp. Out of idle curiosity, can
you safely remove the execute bit on libc and have a functioning system?
I know in general on Linux you don't need to make shared libs
executable, but I dunno, libc may be an exception.
Anyway - Auke - a big thanks for being as security-conscious as you are.
Maybe we were "lucky" this time in that the kiddies weren't all that
bright, but it wouldn't have taken smarts if not for your security policy.
-b
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (MingW32)
iD8DBQFC5pxa6XyW6VEeAnsRAkWbAKCVhccpXIi6uQs5PDN1AF1S8LhYkQCcC24E
5Xu+VaE2g3yVC3MBZ0VcgQ4=
=AsJ7
-----END PGP SIGNATURE-----
More information about the Xfce
mailing list