AW: [suse-security] perl script drop
noexec mount option doesn´t help at all: $ mount /dev/vg00/lvol9 on /mnt type reiserfs (rw,noexec) $ ./hello -bash: ./hello: Permission denied $ /lib/ld-linux.so.2 ./hello hello world $ file hello hello: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 2.2.0, dynamically linked (uses shared libs), not stripped Regards Torsten
---------- Von: Peter Wiersig[SMTP:wiersig-ml@dns.glamus.de] Gesendet: Montag, 12. Mai 2003 13:48 An: suse-security@suse.com Betreff: Re: [suse-security] perl script drop
petry wrote:
Only a small hint for the /tmp-partition: mount it as follows in /etc/fstab
/dev/hda5 /tmp ext2 rw,nosuid,nodev,noexec
with the noexec-parameter so no one is able to execute a created script from that directory
Only when the script interpreter is located on the noexec partition:
$ cat FreeSpace/hello.pl print "Hello world\n"; wiersig@peter:~ $ ls -l FreeSpace/hello* -rw-r--r-- 1 wiersig wiersig 23 May 12 13:47 FreeSpace/hello.pl -rw-r--r-- 1 wiersig wiersig 17 May 12 13:45 FreeSpace/hello.sh wiersig@peter:~ $ perl FreeSpace/hello.pl Hello world
mount options don't help when faced with scripts.
Have fun, Peter
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (1)
-
TORSTEN.NEUMANN@DLH.DE