Bugtraq mailing list archives

Re: procfs hole

From: jonz () NETRAIL NET (Jonathan A. Zdziarski)
Date: Sun, 10 Aug 1997 11:52:44 +0000


Would disabling bash and sh (and any other shells that allowed this) be a
good temporary solution?  I've noticed you have to have it set as your
default shell, so removing it from /etc/shells could prevent this.  It's
either that or disbale procfs (and I'm still not sure what the effects of
that would be)


-------------------------------------------------------------------------
Jonathan A. Zdziarski                                NetRail Incorporated
Server Engineering Manager                    230 Peachtree St. Suite 500
jonz () netrail net                                        Atlanta, GA 30303
http://www.netrail.net                                    (888) - NETRAIL
-------------------------------------------------------------------------

Current thread:

Possible fixed identd, (continued)
- - - Possible fixed identd Phillip R. Jaenke (Aug 13)
    - CERT Advisory CA-97.22 - BIND - the Berkeley Internet Name Daemon Aleph One (Aug 14)
    - Vulnerability in 4.4BSD rfork() implementation Thomas H. Ptacek (Aug 02)
    - Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Jeff Epler (Aug 02)
    - Re: Linux clone() looks safe (Re: Vulnerability in 4.4BSD rfork() Marc Slemko (Aug 03)
  - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Eric Allman (Aug 06)
  - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Eric Allman (Aug 07)
    - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Gene Spafford (Aug 09)
    - Re: sendmail -C: Known? Patches? (AIX 4.1.5) Troy Bollinger (Aug 10)
    - procfs hole Brian Mitchell (Aug 10)
    - Re: procfs hole Jonathan A. Zdziarski (Aug 10)
    - Re: procfs hole Brian Mitchell (Aug 10)
  - NT DNS Implicit Search Order Hole Aleph One (Aug 09)
    - Program To decrypt password in ws_ftp.ini JeBe (Aug 10)