Mailinglist Archive: opensuse-security (50 mails)

< Previous Next >
Re: [suse-security] antivir updates not working anymore under 10.0? SOLVED!!
  • From: Arjen de Korte <suse+security@xxxxxxxxxxxx>
  • Date: Thu, 25 May 2006 11:21:51 +0200
  • Message-id: <4475772F.9030408@xxxxxxxxxxxx>
Bob Vickers wrote:

>> Being well known for years already, a Google search on for instance
>> 'circumvent noexec' will give you plenty of pointers where to look. The
>> basic idea behind the noexec flag may be nice, but there are so many
>> loopholes around it, that the amount of applications that it breaks are
>> really not worth all the trouble.
> I think this is a little contentious. The important question is not
> whether noexec *can* be circumvented, but whether it *is* circumvented by
> a typical script-kiddie's exploit. If noexec stops some exploits working
> then you have gained a valuable extra layer of security.

I doubt that many script kiddies will be stopped by it. The loophole for
shell scripts is as simple as running

/bin/sh /tmp/<insert your favourite script here>

instead of just firing up the script. You can even run binaries in a
similar fashion. That doesn't add a lot of work for them and I really
doubt if this has not become the standard already. Since setting the
'noexec' flag creates real problems in legitimate applications, antivir
being just one of them, I don't think setting this flag is worth the
trouble.

Of course, YMMV.

Arjen




< Previous Next >