Re: a weird script worm uploaded via php with debian 3.0 ?
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Wed, 11 Jun 2003 at 10:47:49AM +0200, Giacomo Mulas wrote:
> On Wed, 11 Jun 2003, Celso Gonz?lez wrote:
>
> > I dont have any information about your trojan, but i can give you a
> > solution (also a good security practice)
> >
> > Mount /tmp in a separate partition with the noexec flag in fstab
> >
> > This will disable most of the trojans
>
> Sorry to delude you, but browse the archives: you will find that even with
> a noexec partition you can run any executable by just invoking
>
> /lib/ld.so /tmp/yourexecutable
While I agree with your observation I feel compelled to defend his
point.
He said mounting /tmp will stop MOST Trojans. While it might not stop a
trojan planted by a person, it will stop a trojan planted by a worm
(which is what this thread is about) since the author of the worm might
not have had the insight to use ld.so.
Take care,
- --
Phillip Hofmeister
PGP/GPG Key:
http://www.zionlth.org/~plhofmei/
wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import
- --
Excuse #66: Unoptimized hard drive
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE+5yG/S3Jybf3L5MQRAtz3AJ4oU0nYQytble771jtm9XdoTateOACdFSGD
qcSmvXIQBxHUQlgrf5o/ui0=
=BVu8
-----END PGP SIGNATURE-----
Reply to: