Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 17 Jan 2000 22:57:04 -0500 (EST)
From:      Omachonu Ogali <oogali@intranova.net>
To:        Spidey <beaupran@iro.umontreal.ca>
Cc:        Alexander Langer <alex@big.endian.de>, Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG
Subject:   Re: sh?
Message-ID:  <Pine.BSF.4.10.10001172254020.97329-100000@hydrant.intranova.net>
In-Reply-To: <14467.56256.337327.619067@anarcat.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
That was the purpose for the denying code, to try and stop the attack
before it goes through. For instance, 'named' shouldn't be executing sh,
so I would add 'named' to the file, see where I'm going?

Omachonu Ogali
Intranova Networking Group

On Mon, 17 Jan 2000, Spidey wrote:

> These exploits can generally be trivially modified to use another
> shell.
> 
> And anyways, once sh is launched and it's not supposed to (read: root
> shell), it's generally too late.. :))
> 
> The AnarCat
> 
> --- Big Brother told Omachonu Ogali to write, at 14:28 of January 17:
> > On all systems.
> > 
> > Take a look at some shellcode in the most recent exploits, they either
> > bind /bin/sh to a port via inetd or execute some program using /bin/sh.
> > 
> > Omachonu Ogali
> > Intranova Networking Group
> > 
> > On Mon, 17 Jan 2000, Alexander Langer wrote:
> > 
> > > Thus spake Omachonu Ogali (oogali@intranova.net):
> > > 
> > > > Most of the exploits out there use /bin/sh to launch attacks.
> > > 
> > > On FreeBSD?
> > > 
> > > Alex
> > > 
> > > -- 
> > > I doubt, therefore I might be. 
> > > 
> > 
> > 
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> 
> -- 
> Si l'image donne l'illusion de savoir
> C'est que l'adage pretend que pour croire,
> L'important ne serait que de voir
> 
> Lofofora
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001172254020.97329-100000>