Date:      Wed, 19 Jan 2000 14:03:54 -0500 (EST)
From:      Spidey <beaupran@iro.umontreal.ca>
To:        Omachonu Ogali <oogali@intranova.net>
Cc:        Alexander Langer <alex@big.endian.de>, Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: sh?
Message-ID:  <14470.2714.445315.624901@anarcat.dyndns.org>
References:  <14467.56256.337327.619067@anarcat.dyndns.org> <Pine.BSF.4.10.10001172254020.97329-100000@hydrant.intranova.net>

Yes, but you'll have to patch every single shell... Unless the
attacker is not aware of the measure. It is too simple to change an
exploit code to use (say) csh instead of sh. Even then, one could
exploit other executables.

I would rather favor the idea of implementing this in the kernel...

--- Big Brother told Omachonu Ogali to write, at 22:57 of January 17:
> That was the purpose for the denying code, to try and stop the attack
> before it goes through. For instance, 'named' shouldn't be executing sh,
> so I would add 'named' to the file, see where I'm going?
> 
> Omachonu Ogali
> Intranova Networking Group
> 
> On Mon, 17 Jan 2000, Spidey wrote:
> 
> > These exploits can generally be trivially modified to use another
> > shell.
> > 
> > And anyways, once sh is launched and it's not supposed to (read: root
> > shell), it's generally too late.. :))
> > 
> > The AnarCat
> > 
> > --- Big Brother told Omachonu Ogali to write, at 14:28 of January 17:
> > > On all systems.
> > > 
> > > Take a look at some shellcode in the most recent exploits, they either
> > > bind /bin/sh to a port via inetd or execute some program using /bin/sh.
> > > 
> > > Omachonu Ogali
> > > Intranova Networking Group
> > > 
> > > On Mon, 17 Jan 2000, Alexander Langer wrote:
> > > 
> > > > Thus spake Omachonu Ogali (oogali@intranova.net):
> > > > 
> > > > > Most of the exploits out there use /bin/sh to launch attacks.
> > > > 
> > > > On FreeBSD?
> > > > 
> > > > Alex
> > > > 
> > > > -- 
> > > > I doubt, therefore I might be. 
> > > > 
> > > 
> > > 
> > > 
> > > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > > with "unsubscribe freebsd-security" in the body of the message
> > 
> > -- 
> > If the image gives the illusion of knowing
> > It is because the adage claims that to believe,
> > The important thing would only be to see
> > 
> > Lofofora
> > 

-- 
If the image gives the illusion of knowing
It is because the adage claims that to believe,
The important thing would only be to see

Lofofora
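
The placement argument made in this message, as an added example (not code from the thread, from the proposed sh patch, or from FreeBSD): a deny check compiled into sh only runs when sh itself is started, while a check at exec time sees every program. The deny-file format, the shell list and both function names are assumptions made for illustration.

```c
#include <string.h>

/* Constructed deny file: one daemon name per line, '#' starts a comment.
 * The format is an assumption; the thread only says 'named' is added. */
static const char DENY_FILE[] = "# daemons that must not spawn a shell\nnamed\n";
/* Constructed list of shells an exec-time check would cover. */
static const char *const SHELLS[] = { "/bin/sh", "/bin/csh", "/bin/tcsh", NULL };

/* Return 1 if `name` appears as a whole line in the deny file text. */
static int parent_denied(const char *name, const char *text)
{
    size_t n = strlen(name);
    while (*text != '\0') {
        size_t len = strcspn(text, "\n");
        if (text[0] != '#' && len == n && strncmp(text, name, n) == 0)
            return 1;
        text += len;
        if (*text == '\n')
            text++;
    }
    return 0;
}

static int is_shell(const char *path)
{
    for (size_t i = 0; SHELLS[i] != NULL; i++)
        if (strcmp(path, SHELLS[i]) == 0)
            return 1;
    return 0;
}

/* Check compiled into /bin/sh, as proposed in the thread: it runs only
 * when the program being started is that patched binary. */
int sh_patch_denies(const char *parent, const char *target)
{
    if (strcmp(target, "/bin/sh") != 0)
        return 0; /* another binary was executed; this code never ran */
    return parent_denied(parent, DENY_FILE);
}

/* Hypothetical exec-time check (the "in the kernel" placement): it sees
 * every exec, so one policy covers every listed shell, but only those. */
int exec_hook_denies(const char *parent, const char *target)
{
    return parent_denied(parent, DENY_FILE) && is_shell(target);
}
```

The exec-time check still passes any program that is not on its shell list, which is the "other executables" caveat in the message.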

