Even if /home isn't mounted as noexec you can still prevent it if you do it right: [support@shell matth]$ telnet bash: /usr/bin/telnet: Permission denied [support@shell matth]$ ls -l /usr/bin/telnet -rwxr-x--- 1 root outgoing 62304 Apr 15 1999 /usr/bin/telnet [support@shell matth]$ cp /usr/bin/telnet ~/ cp: /usr/bin/telnet: Permission denied This is because the user "support" is not in the group "outgoing" hence they can't do ANYTHING to that file. ~ Matt -----Original Message----- From: FozZy [mailto:fozzyat_private] Sent: Wednesday, April 24, 2002 5:12 PM To: Olaf Kirch Cc: dravenat_private; vuln-devat_private; focus-linuxat_private Subject: Re: /lib/ld-2.2.4.so > You can't fix it. You can always do > > cp file-with-mode-444-perms ./foobar > chmod +x foobar > ./foobar Well, not "always". I used to be on a system where home partitions, /tmp, and any place where you can write something, were mounted as noexec. There was also no compiler, etc. But, with this trick a cracker could upload his favorite binary exploit and easily run it. FozZy
This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 07:21:26 PDT