[svlug] Need help with diagnosing compromised Linux system

Rick Moen rick at linuxmafia.com
Fri Apr 22 11:40:35 PDT 2005


Quoting John Conover (conover at rahul.net):

> If it's necessary to have a writable system, (like for a mail spool,
> dynamic web pages, etc.,) the live CD can boot and fstab a HD with the
> noexec option to mount, making a system that is robust against
> executing anything that was not put in the system on the CD.

Oh no!  I could be blocked from doing nasty things:

$ mount | grep tmp
/dev/sda7 on /tmp type ext2 (rw,noexec,nosuid,nodev)
$ cd /tmp
$ cp /bin/date .
$ ./date
bash: ./date: Permission denied

Curses!  Foiled again.

But wait:

$ /lib/ld-linux.so.2 ./date
Fri Apr 22 11:37:01 PDT 2005

Yay!  H4X0R tech wins again.

(Not saying it's not worth doing; just be aware that it's easily
circumvented by the clueful.)

<#include selinux-fixes-this-problem_advert_here>

-- 
Cheers,             The shortest distance between two puns is a straight line.
Rick Moen
rick at linuxmafia.com
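
Added example, not part of the original post: one way a defender could flag the loader invocation shown above when reviewing process-execution records against the mount table. The mount lines, exec records, loader name patterns and all function names are constructed for illustration.

```python
import fnmatch
import os
import shlex

# Constructed /proc/mounts-style sample; the /tmp line mirrors the post.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext2 rw 0 0
/dev/sda7 /tmp ext2 rw,noexec,nosuid,nodev 0 0
"""
# Constructed (cwd, command line) exec records, e.g. from process auditing.
SAMPLE_EXECS = [
    ("/tmp", "./date"),
    ("/tmp", "/lib/ld-linux.so.2 ./date"),
    ("/home/u", "/lib/ld-linux.so.2 --list /bin/ls"),
    ("/", "/bin/date"),
]
LOADERS = ("ld-*.so*", "ld.so*")  # assumed dynamic-loader basenames
VALUE_OPTS = {"--library-path", "--inhibit-rpath", "--audit", "--preload", "--argv0"}

def parse_mounts(text):
    """Map mount point -> set of mount options."""
    return {f[1]: set(f[3].split(",")) for f in map(str.split, text.splitlines()) if len(f) >= 4}

def on_noexec(path, table):
    """True if the most specific mount containing path carries noexec."""
    best = max((m for m in table if path == m or path.startswith(m.rstrip("/") + "/")), key=len, default=None)
    return best is not None and "noexec" in table[best]

def loader_target(cwd, cmdline):
    """Absolute path of the program handed to the dynamic loader, else None."""
    argv = shlex.split(cmdline)
    if not argv or not any(fnmatch.fnmatchcase(os.path.basename(argv[0]), p) for p in LOADERS):
        return None
    args = iter(argv[1:])
    for arg in args:
        if arg in VALUE_OPTS:
            next(args, None)  # skip the option's value
        elif not arg.startswith("-"):
            # Lexical normalisation only; symlinks are not resolved here.
            return os.path.normpath(os.path.join(cwd, arg))
    return None

def flag_bypasses(mounts_text, execs):
    """Return (command line, target) pairs where the loader ran a file on a noexec mount."""
    table = parse_mounts(mounts_text)
    hits = [(c, loader_target(d, c)) for d, c in execs]
    return [(c, t) for c, t in hits if t and on_noexec(t, table)]

if __name__ == "__main__":
    for cmd, target in flag_bypasses(SAMPLE_MOUNTS, SAMPLE_EXECS):
        print(f"ALERT: loader used to run {target} from a noexec mount: {cmd}")
```

The longest-prefix match in on_noexec matters when an exec-permitted filesystem is mounted beneath a noexec one, or the reverse.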