Date: Fri, 23 Sep 2005 09:05:13 +0200
From: Borja Marcos <borjamar@sarenet.es>
To: Andreas Jonsson <andreas@romab.com>
Cc: freebsd-security@freebsd.org
Subject: Re: Mounting filesystems with "noexec"
Message-ID: <726F1E71-D4D9-4C34-848D-868C1158834E@sarenet.es>
In-Reply-To: <43332CD7.4070107@romab.com>
References: <F02FC593-8F19-40D4-B1E7-63B78F1E5300@sarenet.es> <43332CD7.4070107@romab.com>

> Instead of running "./script.sh" or "./script.pl" you just have to type
> /bin/sh script.sh or /usr/bin/perl script.pl which gives pretty much
> everything you need when it comes to using exploits. In Linux you could
> also circumvent it by using /lib/ld.so exploit, but I'm not sure if that
> is "fixed" now or not.

I'm well aware of this, obviously :-)

But, with TPE or without TPE, any command with a script language, be it a shell, Perl, Tcl, or whatever (even Java) should perform that check, which is not a good design practice.

That said, my point is this: the amount of damage you can do from a "native" program is greater than the damage you can achieve from a script language, afaik. At least a privilege escalation should be harder to obtain. I'm not sure about some languages such as Perl, though.

Of course, this is only one among a bigger set of security measures.

Borja.
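
Added example, not part of the original message: a detection sketch for the point discussed in this thread, that "noexec" does not stop an interpreter from running a script stored on a noexec filesystem. The mount table, exec records, interpreter list and function names are constructed assumptions.

```python
import os.path

# Constructed sample mount table (mount point -> options); not from the thread.
MOUNTS = {
    "/": {"rw"},
    "/tmp": {"rw", "noexec", "nosuid"},
    "/home": {"rw", "noexec"},
    "/usr": {"ro"},
}
# Interpreters read the file themselves, so the kernel never applies noexec to it.
INTERPRETERS = {"sh", "bash", "perl", "python", "tclsh", "java"}

def mount_for(path, mounts):
    """Return the longest mount point that contains path."""
    best = "/"
    for mp in mounts:
        prefix = mp.rstrip("/") + "/"
        if (path == mp or path.startswith(prefix)) and len(mp) > len(best):
            best = mp
    return best

def flag_noexec_bypass(events, mounts=MOUNTS):
    """Return (pid, interpreter, script) for interpreter runs of files on noexec mounts."""
    hits = []
    for ev in events:
        argv = ev["argv"]
        interp = os.path.basename(argv[0])
        if interp not in INTERPRETERS:
            continue
        # Simplifying assumption: the first non-option argument is the script path.
        script = next((a for a in argv[1:] if not a.startswith("-")), None)
        if script is None:
            continue
        full = os.path.normpath(os.path.join(ev["cwd"], script))
        if "noexec" in mounts[mount_for(full, mounts)]:
            hits.append((ev["pid"], interp, full))
    return hits

# Constructed exec records, e.g. as distilled from an audit trail.
EVENTS = [
    {"pid": 101, "cwd": "/tmp", "argv": ["/bin/sh", "script.sh"]},
    {"pid": 102, "cwd": "/home/bob", "argv": ["/usr/bin/perl", "-w", "../alice/script.pl"]},
    {"pid": 103, "cwd": "/", "argv": ["/bin/sh", "/usr/local/etc/rc.d/foo.sh"]},
    {"pid": 104, "cwd": "/tmp", "argv": ["/bin/ls", "-l"]},
]

if __name__ == "__main__":
    for hit in flag_noexec_bypass(EVENTS):
        print(hit)
```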