From: Spidey
Date: Wed, 19 Jan 2000 14:03:54 -0500 (EST)
To: Omachonu Ogali
Cc: Alexander Langer, Jonathan Fortin, freebsd-security@FreeBSD.ORG
Subject: Re: sh?
Message-ID: <14470.2714.445315.624901@anarcat.dyndns.org>
References: <14467.56256.337327.619067@anarcat.dyndns.org>
Reply-To: beaupran@iro.umontreal.ca

Yes, but you'll have to patch every single shell... Unless the attacker
is not aware of the measure. It is too simple to change an exploit code
to use (say) csh instead of sh.

Even then, one could exploit other executables.

I would favor more the idea of implementing this in the kernel...

--- Big Brother told Omachonu Ogali to write, at 22:57 of January 17:
> That was the purpose for the denying code, to try and stop the attack
> before it goes through. For instance, 'named' shouldn't be executing sh,
> so I would add 'named' to the file, see where I'm going?
>
> Omachonu Ogali
> Intranova Networking Group
>
> On Mon, 17 Jan 2000, Spidey wrote:
>
> > These exploits can generally be trivially modified to use another
> > shell.
> >
> > And anyways, once sh is launched and it's not supposed to (read: root
> > shell), it's generally too late.. :))
> >
> > The AnarCat
> >
> > --- Big Brother told Omachonu Ogali to write, at 14:28 of January 17:
> > > On all systems.
> > >
> > > Take a look at some shellcode in the most recent exploits, they either
> > > bind /bin/sh to a port via inetd or execute some program using /bin/sh.
> > >
> > > Omachonu Ogali
> > > Intranova Networking Group
> > >
> > > On Mon, 17 Jan 2000, Alexander Langer wrote:
> > >
> > > > Thus spake Omachonu Ogali (oogali@intranova.net):
> > > >
> > > > > Most of the exploits out there use /bin/sh to launch attacks.
> > > >
> > > > On FreeBSD?
> > > >
> > > > Alex
> > > >
> > > > --
> > > > I doubt, therefore I might be.
> > >
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> >
> > --
> > If the image gives the illusion of knowing,
> > it is because the adage claims that, to believe,
> > the only thing that matters is to see
> >
> > Lofofora

--
If the image gives the illusion of knowing,
it is because the adage claims that, to believe,
the only thing that matters is to see

Lofofora