
RE: a weird script worm uploaded via php with debian 3.0 ?



> While I agree with your observation I feel compelled to 
> defend his point.
> 
> He said mounting /tmp will stop MOST Trojans.  While it might 
> not stop a trojan planted by a person, it will stop a trojan 
> planted by a worm (which is what this thread is about) since 
> the author of the worm might not have had the insight to use ld.so.
> 

A good solution, not too hard to implement, is to patch your kernel with
grsecurity.
Grsecurity provides a very good level of protection against buffer
overflow attacks. It randomizes PIDs, it protects chroots, enforces the
TCP/IP stack, etc.

Grsecurity is actually a cumulative patch from PaX, some OpenBSD TCP/IP
stuff ported into Linux, Openwall, HAP-Linux.

Btw it is very configurable, and pretty well documented, at
configuration level.

I use it and am very happy with it. If I trust archives from this list,
I am not the only one in this case :-)

http://www.grsecurity.net


