From: Vasiliy
Date: Fri, 23 Sep 2005 23:27:50 +0400
To: Borja Marcos
Cc: freebsd-security@freebsd.org
Subject: Re: Mounting filesystems with "noexec"
Message-ID: <43345736.3090602@gugol.ru>
In-Reply-To: <726F1E71-D4D9-4C34-848D-868C1158834E@sarenet.es>
References: <43332CD7.4070107@romab.com> <726F1E71-D4D9-4C34-848D-868C1158834E@sarenet.es>

> That said, my point is this: the amount of damage you can do from a
> "native" program is greater than the damage you can achieve from a
> script language, afaik.

This is not the case, unfortunately. There are already a lot of exploits written in Perl and Python. Just google for "perl exploit" or something similar. And these exploits are not like "construct proper GET request for another SQL injection", but complicated buffer-overflowing ones. There also exist some tutorials like this: http://community.core-sdi.com/~juliano/withperl.txt

> At least a privilege escalation should be
> harder to obtain.
I'm not sure about some languages such as Perl, though.

As was said above, performing privilege escalation in scripting languages is not harder than in C, for example. So, using the "noexec" option for preventing malicious code from execution is not desirable.

--
wbr, Vasiliy