Re: [fw-wiz] Securing a Linux Firewall
From: Brian Hatch (firewall-wizards@ifokr.org)
Date: 07/23/02
From: Brian Hatch <firewall-wizards@ifokr.org>
To: Paul Robertson <proberts@patriot.net>
Date: Tue Jul 23 17:29:03 2002
> s/can/may be able to/, it depends on the amount of space the attacker has
> to work with- also the attacker may only have write access to a
> noexec/nodev filesystem.
A noexec filesystem won't help. Say you have /noexec mounted
with (duh) noexec. That protects you from running
$ /noexec/path/to/program
but not
$ sh /noexec/path/to/shellscript
or
$ /lib/ld-linux.so.2 /noexec/path/to/program
for example.
(Not that noexec isn't a good idea - it's just not a silver bullet.)
--
Brian Hatch
   Systems and Security Engineer
www.hackinglinuxexposed.com

"Enjoy your time with the perpetual motion machine you call a daughter"
   --Stephen Entwisle

Every message PGP signed
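
Added example (not part of Brian Hatch's message): a detection sketch in Python that flags logged command lines in which an interpreter or the dynamic loader is handed a file that lives on a noexec mount, the two cases the message shows. The mount table, command lines, interpreter list and function names are constructed for illustration.

```python
import shlex
from pathlib import PurePosixPath

# Constructed sample in /proc/mounts format (not from the original message).
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw 0 0
/dev/sda2 /noexec ext3 rw,noexec,nodev 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noexec 0 0
"""

# Constructed command lines, as an execve audit trail might record them.
SAMPLE_COMMANDS = [
    "/noexec/path/to/program",                     # direct exec: kernel refuses it
    "sh /noexec/path/to/shellscript",              # interpreter reads the file
    "/lib/ld-linux.so.2 /noexec/path/to/program",  # loader maps the file
    "sh -x /tmp/build.sh",
    "sh /usr/local/bin/backup.sh",                 # not on a noexec mount
    "ls /noexec",                                  # not an interpreter
]

INTERPRETERS = {"sh", "bash", "perl", "python"}    # assumed list; extend per site
LOADER_PREFIXES = ("ld-linux", "ld.so")


def noexec_mounts(mounts_text):
    """Return mount points whose option field contains noexec."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and "noexec" in fields[3].split(","):
            points.append(PurePosixPath(fields[1]))
    return points


def flag_indirect_exec(cmdline, mounts):
    """Return the noexec-resident file an interpreter/loader was given, else None."""
    argv = shlex.split(cmdline)
    if not argv:
        return None
    name = PurePosixPath(argv[0]).name
    if name not in INTERPRETERS and not name.startswith(LOADER_PREFIXES):
        return None
    # The first non-option argument is the script or program to run.
    target = next((a for a in argv[1:] if not a.startswith("-")), None)
    if target and any(m in PurePosixPath(target).parents for m in mounts):
        return target
    return None


def scan(commands, mounts_text):
    mounts = noexec_mounts(mounts_text)
    return [c for c in commands if flag_indirect_exec(c, mounts)]
```

The check only matches absolute paths as logged; relative paths and symlinks would need resolving against the process's working directory before comparison.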