Re: FreeBSD 4.3 local root

From: Przemyslaw Frasunek (venglinat_private)
Date: Fri Jul 13 2001 - 06:19:37 PDT


    > > http://www.frasunek.com/sources/security/rexec/
    > This workaround is not complete, because it doesn't protect against the bug
    > exploitation. For example, the attacker can send the shellcode via stdin
    > to the suid program. Its address can also be determined by removing
    > the suid bit from the program, and tracing it non-root.
    
    Of course, rexec wasn't designed to protect from this vulnerability. It
    protects from argument/environment based overflows and some formatting bugs.
    Almost all such security enhancements are possible to bypass, but not by
    script kiddies. Rexec tries to make exploiting local vulnerabilities harder.
    The selective noexec feature prevents kiddies from running their exploits.
    
    > (BTW, rexec is generally a good idea, we like it)
    
    Thanks. I'm using it on all of my boxes with user accounts.
    
    --
    * Fido: 2:480/124 ** WWW: http://www.frasunek.com/ ** NIC-HDL: PMF9-RIPE *
    * Inet: przemyslawat_private ** PGP: D48684904685DF43EA93AFA13BE170BF *
    


