Vulnerability Development mailing list archives
Re: /lib/ld-2.2.4.so
From: Bill Weiss <houdini () nmt edu>
Date: Wed, 24 Apr 2002 16:02:36 -0600
Olaf Kirch(okir () caldera de)@Tue, Apr 23, 2002 at 09:27:53AM +0200:
On Mon, Apr 22, 2002 at 09:43:32AM +0300, Sabau Daniel wrote:boxes and i've been succesfull, please if anyone know how to eliminate this hole in my security give me a replay. If i try to change the mode onYou can't fix it. You can always do cp file-with-mode-444-perms ./foobar chmod +x foobar ./foobar Unix file permission bits aren't really orthogonal, especially r and x. Even though it may give some admins a deep feeling of satisfaction, playing with the r and x bits accomplishes nothing in terms of security. Olaf -- Olaf Kirch | Anyone who has had to work with X.509 has probably okir () caldera de | experienced what can best be described as ------------------+ ISO water torture. -- Peter Gutmann
Oh? What about (as the original poster said) if you have user directories mounted as noexec? tmp as well? Where would you copy the file to so it could exec? -- Bill Weiss
Current thread:
- /lib/ld-2.2.4.so Sabau Daniel (Apr 22)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 24)
- Re: /lib/ld-2.2.4.so Marlon Jabbur (Apr 24)
- Re: /lib/ld-2.2.4.so Eric Rostetter (Apr 24)
- Re: /lib/ld-2.2.4.so Olaf Kirch (Apr 24)
- Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
- Re: /lib/ld-2.2.4.so Kurt Seifried (Apr 25)
- Re: /lib/ld-2.2.4.so Robert A. Seace (Apr 25)
- nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Anibal Ambertin (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) c0n (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Bill Weiss (Apr 26)
- Re: nobody suid shell (kind of relationship with the ld-2.2.4 thread...) Jim Nanney (Apr 26)
- Re: /lib/ld-2.2.4.so Bill Weiss (Apr 24)
- Re: /lib/ld-2.2.4.so Florian Weimer (Apr 26)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 24)
- Re: /lib/ld-2.2.4.so FozZy (Apr 24)
- RE: /lib/ld-2.2.4.so Tech Support (Apr 25)
- Re: /lib/ld-2.2.4.so SpaceWalker (Apr 26)