Date: Sat, 29 Aug 1998 17:19:49 +1000 (EST) From: Nicholas Charles Brawn <ncb05@uow.edu.au> To: "Matthew D. Fuller" <fullermd@futuresouth.com> Cc: "Jan B. Koum " <jkb@best.com>, scex <scex@dqc.org>, "Jeffrey J. Mountin" <jeff-ml@mountin.net>, security@FreeBSD.ORG Subject: Re: Shell history Message-ID: <Pine.SOL.4.02A.9808291715410.4289-100000@banshee.cs.uow.edu.au> In-Reply-To: <19980829012245.54585@futuresouth.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 29 Aug 1998, Matthew D. Fuller wrote: > On Fri, Aug 28, 1998 at 10:42:52PM -0700, Jan B. Koum woke me up to tell me: > > Hmm.. you are right, but what will stop an attacker who has > > freebsd box or has access to one to download the binary? > > mount -u -o noexec /home? > (and /tmp, of course) > Or you could try my trusted path execution patch: http://rabble.uow.edu.au/~nick/security/tpe.stable.diff Of course, by that stage we're down to worrying about LD_LIBRARY_PATH problems, and interpreters such as perl. :) Nick -- Email: ncb05@uow.edu.au - http://rabble.uow.edu.au/~nick Key fingerprint = DE 30 33 D3 16 91 C8 8D A7 F8 70 03 B7 77 1A 2A "When in doubt, ask someone wiser than yourself..." -unknown To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.4.02A.9808291715410.4289-100000>