Gabor Gombas wrote: > On Mon, May 08, 2006 at 11:53:15AM +0100, Thiemo Seufer wrote: > > > Such a binary is completely broken, and it would fail in a similiar way > > for any sort of file it has no execute permission for, not only for > > $SHELL. > > Sure, but that does not change the fact that it is a failure path that > is usually not well-tested. Triggering it deliberately without a general > audit of login shell handling therefore may discover new bugs with > security implications.
So you expect systems to become exploitable by mounting /usr as noexec when they provide some /usr/bin/foo shell? Do you also expect this is more likely than an exploitable bug in /usr/sbin/nologin or /bin/false with their dependencies on ldso and glibc? Thiemo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
