On Sun, Dec 16, 2012 at 5:47 AM, Paul de Weerd <we...@weirdnet.nl> wrote:
> On Sun, Dec 16, 2012 at 11:02:31AM +0100, David Coppa wrote:
> | > .profile can be interrupted with ctrl+c.
> |
> | >>> Because it is under control of the user and he/she can disable
> | >>> such functionality.
> |
> | the safer way imho is patching ksh
>
> After that, expect all your users to suddenly switch to one of the
> other shells available on your system...

because once you patch ksh, you can't ever again edit /etc/shells

>
> Or a nice syslog DoS, where people run while :; do echo ${RANDOM} >
> /dev/null; done (or a less intentional version of the same) to flood
> your logs with crap.

and fsize becomes immutable as well apparently (syslog be forgotten)

here is something that doesn't require patching

create log files and change to system append-only with chflags. dir
should be, e.g., chown root:wheel, chmod go=rx

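#include <sys/types.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
#define sp "/usr/bin/script"
#define sf "/var/db/ghetto_act/%ju"

int main(void)
{
  char *so;
  /* per-user log path, named after the caller's numeric uid */
  if (asprintf(&so, sf, (uintmax_t)getuid()) == -1) return 1;
  /* hand the session to script(1), appending (-a) to that file */
  execl(sp, sp, "-a", so, (char *)NULL);
  return 1; /* reached only if execl failed */
}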

>
> Why is this a good idea, exactly ?
>
> Paul 'WEiRD' de Weerd
>
> --
>>++++++++[<++++++++++>-]<+++++++.>+++[<------>-]<.>+++[<+
> +++++++++++>-]<.>++[<------------>-]<+.--------------.[-]

o look, a brainfuck program. this is so quirky and tech oriented i
feel identified with you

>                  http://www.weirdnet.nl/
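
The log setup described in the message above (per-UID files under a root-owned directory, flagged system append-only with chflags), as an added example that is not part of the original post. The directory path comes from the wrapper's sf define; the function names, the APPLY dry-run switch, and the per-user ownership with mode 0600 are assumptions.

```shell
#!/bin/sh
# Added example: provision append-only session logs for the script(1) wrapper.
# LOGDIR matches the wrapper's "sf" path; all other names here are assumptions.
LOGDIR=${LOGDIR:-/var/db/ghetto_act}

# Print each command (dry run) unless APPLY=1, in which case execute it.
run() {
    if [ "${APPLY:-0}" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi
}

# Directory stays root-owned and not writable by users, so a user can
# neither unlink nor rename the log file that carries their uid.
setup_dir() {
    run mkdir -p "$LOGDIR"
    run chown root:wheel "$LOGDIR"
    run chmod u=rwx,go=rx "$LOGDIR"
}

# One log per numeric uid, writable by that user because script(1) runs
# with the user's own privileges (assumption: owner = user, mode 0600).
setup_user_log() {
    uid=$1
    # Accept digits only, so the argument cannot escape LOGDIR.
    case $uid in
        ''|*[!0-9]*) echo "bad uid: $uid" >&2; return 1 ;;
    esac
    f="$LOGDIR/$uid"
    run touch "$f"
    run chown "$uid" "$f"
    run chmod 0600 "$f"
    # Flag goes on last: once sappnd is set, chown/chmod on the file are
    # refused and existing contents can only be appended to.
    run chflags sappnd "$f"
}
```

Run as root with APPLY=1 on the BSD host; `ls -lo` on the directory then shows the sappnd flag on each log.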
