[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Email based attack on University

On 5/10/19 1:22 am, Jonathan Dowland wrote:
On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:
I wonder if having /home on a 'noexec' partition would stop this attack, please?

I don't know specifically about this attack, but noexec is trivial to
circumvent. Here's three ways:

    bash -c "~/whatever"
    cp ~/whatever /tmp && /tmp/whatever
    /lib64/ld-linux-x86-64.so.2 ~/whatever

Well I think the bash line means that the bash command uses ~/whatever as data (which it could do without the x switch?) like any program does with data files. I wasn't aware of this. I read later the the -c is not necessary, and wonder if the "s are necessary.

I see that cp to /tmp will get around the noexec. Am now wondering how I can use that process to my advantage elsewhere.

The 3rd suggestion is still a mystery.

Then to get away from sudo. But su -c doesn't work the way I expected. Back soon

Thanks to all who have contributed to an enlightening discussion.

Keith Bainbridge


+61 (0)447 667 468

Reply to: