On Sun, May 07, 2000 at 11:38:01PM -0400, Decklin Foster wrote: > Ethan Benson writes: > > > bindshell? > > or do you mean games like detached screen sessions and suidperl? > > Like that. Listen on a high port, spawn a shell when the *cough* l33t > h4x0r connects and gives a password. No, i didn't just make up the > name. But you bring up two more good reasons why 'nosuid' should not > be considered a cure-all. ah ok. im not all that familier with the way suidperl works but why can't it check for nosuid mount options before allowing a script located on a nosuid filesystem from being run suid? > I fired off that last mail before I had time to wonder: why are we > talking about suid executables anyway? I thought this module chowned > the devices or something similar... *shrug* someone mixed up chowning devices for granting group membership based on login tty. either way the same tricks will work. -- Ethan Benson http://www.alaska.net/~erbenson/
Attachment:
pgpy0ldImBo3q.pgp
Description: PGP signature