Re: /lib/ld-2.2.4.so

From: Olaf Kirch (okirat_private)
Date: Tue Apr 23 2002 - 00:27:53 PDT

Next message: Chris: "Rodopi Security/Functionality"

Previous message: FozZy: "Re: Cross site scripting in almost every mayor website"
In reply to: Sabau Daniel: "/lib/ld-2.2.4.so"
Next in thread: FozZy: "Re: /lib/ld-2.2.4.so"
Next in thread: Pavel Kankovsky: "Re: /lib/ld-2.2.4.so"
Reply: FozZy: "Re: /lib/ld-2.2.4.so"
Reply: Bill Weiss: "Re: /lib/ld-2.2.4.so"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, Apr 22, 2002 at 09:43:32AM +0300, Sabau Daniel wrote:
> boxes and i've been succesfull, please if anyone know how to eliminate 
> this hole in my security give me a replay. If i try to change the mode on 

You can't fix it. You can always do

	cp file-with-mode-444-perms ./foobar
	chmod +x foobar
	./foobar

Unix file permission bits aren't really orthogonal, especially r and x.
Even though it may give some admins a deep feeling of satisfaction,
playing with the r and x bits accomplishes nothing in terms of security.

Olaf
-- 
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okirat_private   |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann

Next message: Chris: "Rodopi Security/Functionality"
Previous message: FozZy: "Re: Cross site scripting in almost every mayor website"
In reply to: Sabau Daniel: "/lib/ld-2.2.4.so"
Next in thread: FozZy: "Re: /lib/ld-2.2.4.so"
Next in thread: Pavel Kankovsky: "Re: /lib/ld-2.2.4.so"
Reply: FozZy: "Re: /lib/ld-2.2.4.so"
Reply: Bill Weiss: "Re: /lib/ld-2.2.4.so"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 24 2002 - 13:57:21 PDT