Re: port 6051: hacked?

To: debian-security@lists.debian.org
Subject: Re: port 6051: hacked?
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Mon, 16 Sep 2002 11:10:24 -0300
Message-id: <[🔎] 20020916141024.GA15648@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 3.0.6.16.20020914133413.4dc75d80@pop3.01019freenet.de>
References: <[🔎] 20020908001525.GG948@fishbowl.madduck.net> <[🔎] 3.0.6.16.20020914133413.4dc75d80@pop3.01019freenet.de>

On Sat, Sep 14, 2002 at 01:34:13PM +0200, Michelle Konzack wrote:
> >try putting any binary, as a test, in /tmp, e.g. copy /bin/ls to
> >/tmp/testexe. Then issue the command
> >
> >/lib/ld-linux.so.2 /tmp/testexe
> 
> Oops.... Why is it ???

 Because that's how ld.so works.  It's an ELF interpreter, just like perl is
a perl interpreter; perl /tmp/foo.pl works on a noexec filesystem (I'm
assuming.)

> It may be a very big security problem...

 The only security problem here is the reliance on mounting with noexec in
the belief that this will prevent anything.  nosuid is useful, but noexec
isn't.  (Maybe in a restricted shell environment, where ld.so couldn't be
run by name, only as an interpreter started by the kernel.)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Reply to:

References:
- Re: port 6051: hacked?
  - From: martin f krafft <madduck@debian.org>
- Re: port 6051: hacked?
  - From: Michelle Konzack <linux.mailinglists@freenet.de>

Prev by Date: Re: port 6051: hacked?
Next by Date: Re: OpenSSL and Potato a request for clarificiation
Previous by thread: Re: port 6051: hacked?
Next by thread: Re: port 6051: hacked?
Index(es):
- Date
- Thread