RE: /lib/ld-2.2.4.so

From: Tech Support (tech@chilitech.net)
Date: 04/25/02 

From: "Tech Support" <tech@chilitech.net>
To: "FozZy" <fozzy@dmpfrance.com>, "Olaf Kirch" <okir@caldera.de>
Date: Wed, 24 Apr 2002 22:18:12 -0400

Even if /home isn't mounted as noexec you can still prevent it if you do it
right:
[support@shell matth]$ telnet
bash: /usr/bin/telnet: Permission denied
[support@shell matth]$ ls -l /usr/bin/telnet
-rwxr-x--- 1 root outgoing 62304 Apr 15 1999 /usr/bin/telnet
[support@shell matth]$ cp /usr/bin/telnet ~/
cp: /usr/bin/telnet: Permission denied

This is because the user "support" is not in the group "outgoing" hence they
can't do ANYTHING to that file.

~ Matt
-----Original Message-----
From: FozZy [mailto:fozzy@dmpfrance.com]
Sent: Wednesday, April 24, 2002 5:12 PM
To: Olaf Kirch
Cc: draven@UBBCluj.Ro; vuln-dev@securityfocus.com;
focus-linux@securityfocus.com
Subject: Re: /lib/ld-2.2.4.so

> You can't fix it. You can always do
>
> cp file-with-mode-444-perms ./foobar
> chmod +x foobar
> ./foobar

Well, not "always". I used to be on a system where home partitions, /tmp,
and any place where you can write something, were mounted as noexec. There
was also no compiler, etc.
But, with this trick a cracker could upload his favorite binary exploit and
easily run it.

FozZy