Date: Thu, 22 Sep 2005 13:41:18 +0200 From: Borja Marcos <borjamar@sarenet.es> To: Rob MacGregor <freebsd.macgregor@blueyonder.co.uk> Cc: freebsd-security@freebsd.org Subject: Re: Mounting filesystems with "noexec" Message-ID: <1C5552E8-3E4C-41D4-80F4-7AAA6FD3EF7D@sarenet.es> In-Reply-To: <200509221124.j8MBOkMM017056@the-macgregors.org> References: <200509221124.j8MBOkMM017056@the-macgregors.org>
next in thread | previous in thread | raw e-mail | index | archive | help
> As long as you can disable/limit the logging. One very nasty
> "attack" would be
> to loop trying to run a binary. Blow your logging partition.
> Somebody could
> then use that to do other things that would normally be logged,
> safe in the
> knowledge that their activities wouldn't be logged.
>
> I've seen systems brought to their knees by similar well
> intentioned logging
> activities. It's not pretty :)
That's out of the question, of course :)
A sysctl could control it. Anyway, the same can happen with
zillions of logged events.
Borja.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1C5552E8-3E4C-41D4-80F4-7AAA6FD3EF7D>