Re: Long Exim break-in analysis

To: debian-security@lists.debian.org
Subject: Re: Long Exim break-in analysis
From: Bastian Blank <waldi@debian.org>
Date: Wed, 22 Dec 2010 11:30:10 +0100
Message-id: <[🔎] 20101222103010.GA1256@wavehammer.waldi.eu.org>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20101222091850.GA25719@pcpool00.mathematik.uni-freiburg.de>
References: <[🔎] 201012212307.37241.vladislav.kurz@webstep.net> <[🔎] 20101222091850.GA25719@pcpool00.mathematik.uni-freiburg.de>

On Wed, Dec 22, 2010 at 10:18:50AM +0100, Bernhard R. Link wrote:
> That said, having /tmp noexec,nosuid and /var nosuid will only make some
> script-kiddies slower and the more people use it the less it helps.

It is a start.

> As long as you have things like /dev/shm world-writeable and not
> mounted nosuid there are trivial other ways for attackers.

/dev/shm _is_ mounted nosuid by default.

>                                                            And history
> show that there were often ways around noexec and nosuid and though many
> of the known ones should be closed by now,

Around noexec: not much, at least for real binaries. Around nosuid:
please show me. Hijacking other suid-binaries is a different story and
calls for a reduction of privileges.

Bastian

-- 
No more blah, blah, blah!
		-- Kirk, "Miri", stardate 2713.6

Reply to:

Follow-Ups:
- Re: Long Exim break-in analysis
  - From: "Bernhard R. Link" <brlink@debian.org>

References:
- Long Exim break-in analysis
  - From: Vladislav Kurz <vladislav.kurz@webstep.net>
- Re: Long Exim break-in analysis
  - From: "Bernhard R. Link" <brlink@debian.org>

Prev by Date: Re: Long Exim break-in analysis
Next by Date: Re: Long Exim break-in analysis
Previous by thread: Re: Long Exim break-in analysis
Next by thread: Re: Long Exim break-in analysis
Index(es):
- Date
- Thread