Re: First patch :)

• Previous message: Aleph One: "Re: First Patch :)"
• Next in thread: Peter van Dijk: "Re: First patch :)"
• Next in thread: Aleph One: "Re: First Patch :)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Hi,

The "ruid" idea and prevent exec/fork of suid programs, is a nice idea but
is really security through obscurity.

If a hacker knows this patch is in place, he just replaces the shellcode
so instead of doing:

syscall exec /bin/sh

it does

syscall chmod 666 /etc/passwd

or any other exciting piece of code you care to run. You need not launch a
separate process to run it.

Cheers
Chris

• Next message: Jim Dennis: "Re: First Patch :)"
• Previous message: Aleph One: "Re: First Patch :)"
• Next in thread: Peter van Dijk: "Re: First patch :)"
• Next in thread: Aleph One: "Re: First Patch :)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:55:32 PDT