On Mon, May 08, 2006 at 12:47:53PM +0100, Thiemo Seufer wrote:
> So you expect systems to become exploitable by mounting /usr as noexec
> when they provide some /usr/bin/foo shell?
Not actually "expect", but I would not be _that_ suprised. Most programs
that care about the login shell tend to run as root so a simple bug is
much more likely to become a security problem.
> Do you also expect this is more likely than an exploitable bug in
> /usr/sbin/nologin or /bin/false with their dependencies on ldso and
> glibc?
The code of nologin or false should be trivial. Spotting a place in some
complicated daemon where it fails to handle the "execve() returs an
error" case properly is much harder.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
