Re: /lib/ld-2.2.4.so

From: SpaceWalker (spacewalkerat_private)
Date: Fri Apr 26 2002 - 14:10:30 PDT

Next message: Jonas: "Re: apache + .htpasswd - bypass pwd chec"

Previous message: KF: "Re: ecartis / listar PoC"
In reply to: Tech Support: "RE: /lib/ld-2.2.4.so"
Next in thread: Michal Zalewski: "Re: /lib/ld-2.2.4.so"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

So, it's not more hard to upload a staticaly linked version of the same telnet program on the box... I really think that when you give a shell to someone, you assume he'll be able to launch code, by thousands of ways.

On Wed, 24 Apr 2002 22:18:12 -0400
"Tech Support" <techat_private> wrote:

> 
> Even if /home isn't mounted as noexec you can still prevent it if you do it
> right:
> [support@shell matth]$ telnet
> bash: /usr/bin/telnet: Permission denied
> [support@shell matth]$ ls -l /usr/bin/telnet
> -rwxr-x---   1 root     outgoing    62304 Apr 15  1999 /usr/bin/telnet
> [support@shell matth]$ cp /usr/bin/telnet ~/
> cp: /usr/bin/telnet: Permission denied

Next message: Jonas: "Re: apache + .htpasswd - bypass pwd chec"
Previous message: KF: "Re: ecartis / listar PoC"
In reply to: Tech Support: "RE: /lib/ld-2.2.4.so"
Next in thread: Michal Zalewski: "Re: /lib/ld-2.2.4.so"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 26 2002 - 15:54:38 PDT