Re: /lib/ld-2.2.4.so

From: Olaf Kirch (okir@caldera.de)
Date: 04/23/02


Date: Tue, 23 Apr 2002 09:27:53 +0200
From: Olaf Kirch <okir@caldera.de>
To: Sabau Daniel <draven@UBBCluj.Ro>

On Mon, Apr 22, 2002 at 09:43:32AM +0300, Sabau Daniel wrote:
> boxes and I've been successful, please if anyone knows how to eliminate
> this hole in my security give me a reply. If I try to change the mode on

You can't fix it. You can always do

        cp file-with-mode-444-perms ./foobar
        chmod +x foobar
        ./foobar

Unix file permission bits aren't really orthogonal, especially r and x.
Even though it may give some admins a deep feeling of satisfaction,
playing with the r and x bits accomplishes nothing in terms of security.

Olaf

-- 
Olaf Kirch        |  Anyone who has had to work with X.509 has probably
okir@caldera.de   |  experienced what can best be described as
------------------+  ISO water torture. -- Peter Gutmann
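
An added illustration of the reply above, not part of the original message: because read access is enough to run a copy, a program file that "other" may read but not execute is not actually restricted by its missing x bit. This script lists such files under a directory; the function names and the sample tree are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original post): find program files whose mode
# grants "other" read but not execute. Per the reply above, the missing x bit
# on these restricts nothing, since a reader can copy the file and chmod +x.

# is_program FILE: true if FILE starts with the ELF magic or a "#!" line.
is_program() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case $magic in
        7f454c46|2321*) return 0 ;;
        *) return 1 ;;
    esac
}

# readable_not_exec DIR: print matching paths, one per line, sorted.
# Mode bits are tested directly, so the result is the same when run as root.
readable_not_exec() {
    find "$1" -type f -perm -004 ! -perm -001 2>/dev/null | sort |
    while IFS= read -r f; do
        if is_program "$f"; then printf '%s\n' "$f"; fi
    done
}

# Constructed sample tree: four scripts with different modes and one data file.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
for spec in 444:tool-r 440:tool-group 755:tool-rx 711:tool-x; do
    printf '#!/bin/sh\necho ran\n' > "$demo_dir/${spec#*:}"
    chmod "${spec%%:*}" "$demo_dir/${spec#*:}"
done
printf 'plain data\n' > "$demo_dir/notes.txt"
chmod 444 "$demo_dir/notes.txt"

# Only tool-r is reported: 440 and 711 deny read to "other", 755 already
# grants execute, and notes.txt is not a program.
readable_not_exec "$demo_dir"
```

Files it reports are the ones where an access decision has to rest on the read bit (or on ownership and group membership), not on execute.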


