Re: Email based attack on University
On Mon, Oct 07, 2019 at 10:49:01AM +1100, Keith Bainbridge wrote:
Well I think the bash line means that the bash command uses ~/whatever
as data (which it could do without the x switch?) like any program
does with data files. I wasn't aware of this. I read later the the -c
is not necessary, and wonder if the "s are necessary.
The quotes are only necessary if the path to the binary you want to
invoke are necessary. I use them out of habit, although I forgot that
'~' is not expanded within quotes. Using "$HOME/whatever" instead would
have worked.
-c is key here, because I'm not assuming that ~/whatever is a shell
script. This is telling the shell interpreter to run the command,
whatever it may be. But, as pointed out elsewhere, "noexec" does indeed
defeat running a binary via bash in this exact manner.
The 3rd suggestion is still a mystery.
That's a loader binary that loads and executes a binary supplied as an
argument. It's actually invoked under the hood whenever you run a
binary. But again as pointed out elsewhere "noexec" defeats this direct
approach; one needs to introduce more indirection.
--
👱🏻 Jonathan Dowland
✎ jon@dow.land
🔗 https://jmtd.net
Reply to: