On 5/10/19 1:22 am, Jonathan Dowland wrote:
On Wed, Oct 02, 2019 at 07:03:59PM +1000, Keith Bainbridge wrote:I wonder if having /home on a 'noexec' partition would stop this attack, please?I don't know specifically about this attack, but noexec is trivial to circumvent. Here's three ways: bash -c "~/whatever" cp ~/whatever /tmp && /tmp/whatever /lib64/ld-linux-x86-64.so.2 ~/whatever
Well I think the bash line means that the bash command uses ~/whatever as data (which it could do without the x switch?) like any program does with data files. I wasn't aware of this. I read later the the -c is not necessary, and wonder if the "s are necessary.
I see that cp to /tmp will get around the noexec. Am now wondering how I can use that process to my advantage elsewhere.
The 3rd suggestion is still a mystery.Then to get away from sudo. But su -c doesn't work the way I expected. Back soon
Thanks to all who have contributed to an enlightening discussion. -- Keith Bainbridge keithrbaugroups@gmail.com +61 (0)447 667 468