Re: New Linux worm crawls the web

To: debian-user@lists.debian.org
Subject: Re: New Linux worm crawls the web
From: Joey Hess <joeyh@debian.org>
Date: Fri, 11 Nov 2005 14:08:32 -0500
Message-id: <[🔎] 20051111190832.GA3523@kitenet.net>
Mail-followup-to: debian-user@lists.debian.org
In-reply-to: <[🔎] slrndn9ods.6a7.spambait@truffula.sj.ca.us>
References: <56Gyq-5HU-51@gated-at.bofh.it> <56Jmm-1Fv-53@gated-at.bofh.it> <571jf-2Ox-23@gated-at.bofh.it> <57iWN-3za-27@gated-at.bofh.it> <[🔎] slrndn9ods.6a7.spambait@truffula.sj.ca.us>

Cameron L. Spitzer wrote:
> It's misleading to call these things "Linux worms."

Very true.

> I think it's a major security bug for /tmp and /var/tmp
> to be mounted with exec privileges.

Due to the design of ld.so, the noexec flag is no-op on Linux systems.
It's at most a minor speedbump to running a file in /tmp. Just use
/lib/ld-linux.so.2 /path/to/a/binary to run any binary no matter what
its execute permissions. Or just don't base your worm on needing to run
executables from disk, which is also fairly easy to do.

-- 
see shy jo

Attachment: signature.asc
Description: Digital signature

Reply to:

References:
- Re: New Linux worm crawls the web
  - From: "Cameron L. Spitzer" <cls@truffula.sj.ca.us>

Prev by Date: Re: Mounting an iPod via USB
Next by Date: Re: gcc-4 : am I the only one having problems?
Previous by thread: Re: New Linux worm crawls the web
Next by thread: Re: New Linux worm crawls the web
Index(es):
- Date
- Thread