Re: /lib/ld-2.2.4.so
From: SpaceWalker (spacewalker@altern.org)Date: 04/26/02
- Previous message: Jedi/Sector One: "Re: apache + .htpasswd - bypass pwd check"
- In reply to: Tech Support: "RE: /lib/ld-2.2.4.so"
- Next in thread: Michal Zalewski: "Re: /lib/ld-2.2.4.so"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Fri, 26 Apr 2002 23:10:30 +0200 From: SpaceWalker <spacewalker@altern.org> To: <vuln-dev@securityfocus.com>
So, it's not more hard to upload a staticaly linked version of the same telnet program on the box... I really think that when you give a shell to someone, you assume he'll be able to launch code, by thousands of ways.
On Wed, 24 Apr 2002 22:18:12 -0400
"Tech Support" <tech@chilitech.net> wrote:
>
> Even if /home isn't mounted as noexec you can still prevent it if you do it
> right:
> [support@shell matth]$ telnet
> bash: /usr/bin/telnet: Permission denied
> [support@shell matth]$ ls -l /usr/bin/telnet
> -rwxr-x--- 1 root outgoing 62304 Apr 15 1999 /usr/bin/telnet
> [support@shell matth]$ cp /usr/bin/telnet ~/
> cp: /usr/bin/telnet: Permission denied
- Previous message: Jedi/Sector One: "Re: apache + .htpasswd - bypass pwd check"
- In reply to: Tech Support: "RE: /lib/ld-2.2.4.so"
- Next in thread: Michal Zalewski: "Re: /lib/ld-2.2.4.so"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
