xfce.org/lunar-linux.org server nearly hacked

Auke Kok sofar at lunar-linux.org
Wed Jul 27 11:24:12 CEST 2005


Brian J. Tarricone wrote:

> Auke Kok wrote:
>
> >- Mount /tmp and world-writeable mountpoints with noexec, this will stop
> >most OOTB exploits immediately as the rootkit or backdoor will fail to
> >execute
>
>
> Though this really doesn't help all *that* much, since the attacker can
> just do:
>
> $ /lib/libc.so.6 /tmp/really_bad_program
>
> And voila - you can execute stuff on /tmp.


Supposedly that doesn't work anymore, with my systems I don't get that
result even:

/tmp # /lib/libc.so.6 /tmp/ls
GNU C Library stable release version 2.3.2, by Roland McGrath et al.
Copyright (C) 2003 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
Available extensions:
        GNU libio by Per Bothner
        crypt add-on version 2.1 by Michael Glad and others
        linuxthreads-0.10 by Xavier Leroy
        BIND-8.2.3-T5B
        libthread_db work sponsored by Alpha Processor Inc
Report bugs using the `glibcbug' script to <bugs at gnu.org>.
/tmp #

and supposedly it's the linker libdl.so that should work according to refs:

/tmp # /lib/ld-linux.so.2 /tmp/ls
/tmp/ls: error while loading shared libraries: /tmp/ls: failed to map
segment from shared object: Operation not permitted
/tmp #

no go for executing binaries thus, unless I'm missing another way around
that. I'd sure like to hear about it ;^)



> Out of idle curiosity, can
> you safely remove the execute bit on libc and have a functioning system?
>  I know in general on Linux you don't need to make shared libs
> executable, but I dunno, libc may be an exception.


only to have 'ldd' functioning AFAIK, but I'm not gonna try this on a
live system just yet, maybe with something safe first ;^)

Auke




More information about the Xfce mailing list