> Quick workaround is to limit arguments, environment and filter non-ascii > characters: > > http://www.frasunek.com/sources/security/rexec/ This workaround not complete, because it doesn't protect for the bug exploitation. For example the attacker can send the shellcode via stdin to the suid program. It's address can also be determined with removing the suid bit from the program, and tracing it non-root. What's your opinion? (BTW, rexec is generally a good idea, we like it) Best regards, Megyer Ur (lez), Foldi Ur -- . . _ __ ______________________________________________________ __ _ . . Foldi Tamas - We Are The Hashmark In The Rootshell - Security Consultant crowat_private - PGP: finger://crowat_private - (+3630) 221-7477
This archive was generated by hypermail 2b30 : Sun Jul 15 2001 - 21:07:44 PDT