Date: Mon, 17 Jan 2000 22:57:04 -0500 (EST) From: Omachonu Ogali <oogali@intranova.net> To: Spidey <beaupran@iro.umontreal.ca> Cc: Alexander Langer <alex@big.endian.de>, Jonathan Fortin <jonf@revelex.com>, freebsd-security@FreeBSD.ORG Subject: Re: sh? Message-ID: <Pine.BSF.4.10.10001172254020.97329-100000@hydrant.intranova.net> In-Reply-To: <14467.56256.337327.619067@anarcat.dyndns.org>
next in thread | previous in thread | raw e-mail | index | archive | help
That was the purpose for the denying code, to try and stop the attack before it goes through. For instance, 'named' shouldn't be executing sh, so I would add 'named' to the file, see where I'm going? Omachonu Ogali Intranova Networking Group On Mon, 17 Jan 2000, Spidey wrote: > These exploits can generally be trivially modified to use another > shell. > > And anyways, once sh is launched and it's not supposed to (read: root > shell), it's generally too late.. :)) > > The AnarCat > > --- Big Brother told Omachonu Ogali to write, at 14:28 of January 17: > > On all systems. > > > > Take a look at some shellcode in the most recent exploits, they either > > bind /bin/sh to a port via inetd or execute some program using /bin/sh. > > > > Omachonu Ogali > > Intranova Networking Group > > > > On Mon, 17 Jan 2000, Alexander Langer wrote: > > > > > Thus spake Omachonu Ogali (oogali@intranova.net): > > > > > > > Most of the exploits out there use /bin/sh to launch attacks. > > > > > > On FreeBSD? > > > > > > Alex > > > > > > -- > > > I doubt, therefore I might be. > > > > > > > > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > > with "unsubscribe freebsd-security" in the body of the message > > -- > Si l'image donne l'illusion de savoir > C'est que l'adage pretend que pour croire, > L'important ne serait que de voir > > Lofofora > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.10.10001172254020.97329-100000>